LinkedIn Faces Class Action Lawsuits Over Health Data Tracking
Executive Summary
On October 30, 2024, LinkedIn was hit with three digital privacy class action lawsuits alleging that the platform unlawfully intercepted users’ sensitive health care information for the purpose of targeted advertising.
These lawsuits were filed by the law firm Bursor & Fisher in both the U.S. District Court for the Northern District of California and the Santa Clara County Superior Court. The claims focus on wiretapping allegations under the California Invasion of Privacy Act and are brought on behalf of individuals who scheduled appointments through the websites of health care providers, including Spring Fertility (a fertility clinic), Therapymatch Inc. (operating as Headway), and Village Practice Management Co. (doing business as CityMD).
The complaints assert that LinkedIn accessed users’ private health information—such as gender, sexual orientation, and medical conditions—through its tracking tool, the LinkedIn Insight Tag, which was embedded on these companies’ websites.
Stacy Boven, a privacy and technology attorney at Nixon Peabody, noted that litigation concerning tracking technologies, including wiretapping claims under CIPA, could impact any business with a public website. This trend is particularly significant for industries that rely on data for client management and advertising.
LinkedIn, owned by Microsoft and headquartered in Sunnyvale, California, is the largest professional networking platform globally, boasting over 1 billion users. In addition to facilitating job searches and career development, LinkedIn provides marketing tools like the Insight Tag—a JavaScript code snippet that businesses can integrate into their sites to monitor visitor behavior. By matching website visitors to their LinkedIn accounts, the platform offers companies analytics to enhance marketing strategies and targeted advertising efforts.
The functionality of the Insight Tag is comparable to Meta’s Facebook Pixel, which has faced numerous class action lawsuits since 2022 for allegedly unlawfully acquiring users’ private medical information through its installation on health care websites.
The plaintiffs argue that even though LinkedIn requires users to accept a privacy policy, cookie policy, and a California-specific privacy disclosure, it remains opaque about how it utilizes the Insight Tag and the type of data it collects. They point out that LinkedIn’s privacy policy claims it will only process personal data with lawful bases; however, they contend that collecting sensitive medical information does not comply with state or federal laws, as users are often unaware of which sites have implemented the tag.
As CIPA complaints evolve to become more detailed and sophisticated, companies can no longer rely solely on privacy or cookie policies for protection. Businesses with public-facing websites should proactively assess their data practices, minimize data usage where feasible, clearly communicate data usage to users, and secure consent prior to data collection.
A LinkedIn states that they would demonstrate their advertising tools protect user privacy and asserted that these claims lack merit.
