LinkedIn and Google sued for sharing health data improperly

May 5, 2025

LinkedIn and Google are currently facing a lawsuit for allegedly accessing confidential health data from California’s health insurance exchange website using trackers. The proposed class-action lawsuit was filed shortly after an investigative report by CalMatters and The Markup brought this issue to light.

Following the investigation, a California congressman urged the federal Health and Human Services Department to look into the exchange’s data-sharing practices with LinkedIn. The report uncovered that trackers on the website, coveredca.com, were sending information to LinkedIn through a tool called the Insight Tag. This data included sensitive details about visitors, such as their pregnancy status, visual impairment, transgender identity, and experiences with domestic abuse.

Additionally, the trackers were collecting information on visitors’ medical provider searches and their frequency of prescription drug usage. Covered California, the organization operating the exchange, has removed these trackers since being made aware of the situation. A spokesperson explained that they were initially used as part of an advertising campaign that started in February 2024.

This incident raises concerns about the privacy and security of personal health information shared online. Users visit websites expecting their data to be protected, especially when dealing with sensitive topics like healthcare. The unauthorized transfer of such data to third-party companies like LinkedIn and Google without consent is a breach of trust and privacy.

The lawsuit against LinkedIn and Google highlights the importance of transparency and accountability in data privacy practices. Companies must uphold strict guidelines regarding the collection, storage, and sharing of personal information, particularly when it pertains to health-related data. Any unauthorized access or use of such data can have severe consequences for individuals’ privacy and security.

Efforts to secure sensitive health data online must be a top priority for website operators and tech companies. Strict measures should be in place to prevent unauthorized access or sharing of personal information to safeguard user privacy. This case serves as a reminder of the risks associated with online data collection and the potential misuse of sensitive health data by third parties.

In conclusion, the lawsuit against LinkedIn and Google underscores the need for greater scrutiny of data privacy practices, especially in the healthcare sector. It is crucial for companies to prioritize user privacy and security when handling sensitive personal information to maintain trust and integrity in the digital age.