Healthcare and pharma companies may be facing a data privacy crisis as data privacy regulation has increased in recent years, according to a report released by Compliant this week.

The report noted that a sizable chunk of healthcare and pharma companies are actually in violation of U.S. and international data protection laws without being fully aware of it. As a result, these organizations face potential fines.

Data protection laws have proliferated recently, with fines rising 40% in 2020 and 2021. Some $1.8 billion in General Data Protection Regulation (GDPR) fines have already accumulated among companies.

The Compliant report examined top websites in 2022, including healthcare and pharma ones, and explored companies in digital marketing that were potentially at risk of data compliance breaches. It found that on average, health and pharma sites contain about 13 “piggybacked” tags — or third-party tags that collect data.

“The lack of transparency in the digital media supply chain means that health and pharmaceutical companies have limited visibility of the intermediaries operating on or through their websites, making the ongoing detection and management of unlawful and unethical data practices a significant challenge,” Compliant CEO Jamie Barnard said in a statement.

One way of addressing the issues around data privacy is for healthcare companies to deploy consent management platforms on their sites. These platforms request and store users’ consent for collecting their information. The Compliant report found that a majority of European companies now use consent management platforms. Still, 88% of those platforms are installed incorrectly, leading to data breach risks.

“The results are a wake-up call for the industry, with health and pharmaceutical brands and publishers exposing themselves to regulatory and reputational risk,” Barnard said.

Stricter data privacy laws began emerging after the Facebook-Cambridge Analytica scandal broke in early 2018. 

At the time, The New York Times reported that Cambridge Analytica, a right-wing consulting and data analytics firm, used personal data from 50 million Facebook users to help influence the 2016 U.S. elections. Public outrage over the use of that personal data without users’ consent helped spur and speed up data privacy laws, including the European Union’s GDPR.

For healthcare marketers, the awareness that data privacy efforts should go beyond simply being HIPAA-compliant is growing, though most companies are still a bit behind on modernizing their practices. According to a 2021 Innovid survey, 80% of marketers still say they use third-party cookies on their sites.