The Markup, now a part of CalMatters, uses investigative reporting, data analysis, and software engineering to challenge technology to serve the public good. Sign up for Klaxon, a newsletter that delivers our stories and tools directly to your inbox.
One day after an investigation by The Markup and CalMatters, LinkedIn and Google were hit with a proposed class-action lawsuit alleging they improperly received confidential data from trackers on California’s health insurance exchange website.
A California congressman, citing the investigation, then called on the federal Health and Human Services Department to investigate the exchange’s sharing of data to LinkedIn.
In the article, published this week, The Markup and CalMatters revealed how trackers on the website, coveredca.com, sent information on visitors to LinkedIn through a tool called the Insight Tag. As visitors filled out forms on the site, the trackers sent LinkedIn information about them, including whether they were pregnant, blind, transgender, or had experienced domestic abuse. The trackers also monitored information on visitors’ searches for medical providers and how often those visitors used prescription drugs.
The government entity that operates the exchange, Covered California, has since removed the trackers. A spokesperson said they had been used as part of an advertising campaign that began in February 2024.
The lawsuit, filed in the Northern District of California, cites forensic testing by The Markup and CalMatters, as well as research by the plaintiff, to allege that LinkedIn and Google received health data from web trackers on coveredca.com without the knowledge or consent of users. The plaintiff in the suit is an anonymous California woman who alleges she filled out information on Covered California around June of last year, and had that information sent to LinkedIn and Google.
Pixel Hunt
How California sent residents’ personal health data to LinkedIn
The state’s health insurance exchange transmitted pregnancy and domestic abuse data during a marketing campaign. It is reviewing its website practices.
A proposed class action, the lawsuit seeks to represent everyone who had information transmitted to the tech companies by Covered California. The firm representing her, Bursor and Fisher, has a speciality in class-action suits, including in data privacy, and touts receiving a $100 million settlement from Google for alleged privacy violations in 2022.
“LinkedIn and Google intentionally intercepted sensitive and confidential communications between Covered California and its customers,” the suit, which seeks to represent others similarly situated, reads. “LinkedIn and Google failed to receive consent for these interceptions.”
The suit alleges that the tracking runs afoul of California and federal laws, including the California Invasion of Privacy Act, which requires consent before “communications” can be sent to third parties. The companies made similar violations under the federal Electronic Communications Privacy Act, according to the suit.
Google did not immediately respond to requests for comment.
A LinkedIn spokesperson referred to the company’s previous statement, saying that its policies “expressly prohibit customers from installing the Insight Tag on web pages that collect or contain sensitive data, including pages offering health-related services.”
Millions of people in the state have received coverage through Covered California, set up under the Affordable Care Act as a way for Californians to quickly and easily shop for insurance and compare plans. In a statement posted online after publication of The Markup and CalMatters story, the organization said it was “reviewing the nature and extent of sensitive consumer data and information that was inadvertently shared with LinkedIn.”
LinkedIn and Google failed to receive consent.
Proposed class action lawsuit filed in federal court over sharing of sensitive data from California’s health insurance exchange.
Since the tracking was revealed, the story has also drawn the attention of lawmakers. Rep. Kevin Kiley, who called the sharing of data “incredibly disturbing,” sent a letter to the Department of Health and Human Services asking it to investigate whether the tracking may have violated privacy laws like the Health Insurance Portability and Accountability Act. Kiley is a Republican whose California district stretches from suburban Sacramento to Death Valley.
Among other questions, the letter asks the agency to determine how many people were affected by the tracking, and how “something like this [can] be prevented in the future.”
