Napa, CA — A newly filed federal lawsuit is accusing LinkedIn and Google of unlawfully intercepting sensitive personal information from users of California’s state-run health insurance exchange, Covered California, through embedded tracking tools on the website.
The class-action suit, filed in the U.S. District Court for the Northern District of California, comes just one day after a joint investigation by CalMatters and The Markup revealed that trackers on Covered California’s website were quietly transmitting confidential data to third-party tech firms. The data reportedly included details as personal as whether a user was pregnant, transgender, blind, or had experienced domestic abuse—information that users entered as part of the process to obtain health insurance coverage.
According to the lawsuit, the information was collected through LinkedIn’s “Insight Tag,” a tool typically used for marketing and audience analytics. The data was gathered without the knowledge or consent of users, violating both California and federal privacy laws, the lawsuit alleges.
The plaintiff, an anonymous California resident, claims she submitted health information through the Covered California website in June 2023 and that this data was subsequently shared with LinkedIn and Google. Represented by the law firm Bursor & Fisher—known for high-profile privacy litigation including a $100 million settlement with Google in 2022—the plaintiff seeks to represent a class of all users affected by the unauthorized data-sharing.
“LinkedIn and Google intentionally intercepted sensitive and confidential communications between Covered California and its customers,” the complaint states, accusing the tech companies of violating the California Invasion of Privacy Act and the federal Electronic Communications Privacy Act.
Covered California, a central element of the state’s implementation of the Affordable Care Act, has since removed the trackers. In a public statement following the investigative report, the agency said it was reviewing “the nature and extent of sensitive consumer data and information that was inadvertently shared with LinkedIn.”
The embedded tracking tools were reportedly implemented in February 2024 as part of an advertising campaign, according to a Covered California spokesperson.
While Google has not yet responded to media inquiries, a LinkedIn spokesperson pointed to company policies that “expressly prohibit customers from installing the Insight Tag on web pages that collect or contain sensitive data, including pages offering health-related services.”
The controversy has also drawn attention from federal lawmakers. Rep. Kevin Kiley (R-Rocklin), whose district spans from Sacramento suburbs to Death Valley, sent a letter to the U.S. Department of Health and Human Services calling for an investigation. Kiley described the data sharing as “incredibly disturbing” and urged regulators to assess whether privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) were violated.
His letter further called for an accounting of how many Californians were affected and how similar breaches can be prevented in the future.
The case adds to growing concerns about the use of commercial tracking tools on government and healthcare websites—a practice that privacy advocates argue is incompatible with the protection of highly sensitive personal information.
As millions rely on Covered California for access to health coverage, the implications of the lawsuit could be far-reaching, not just for the state but for public digital services nationwide.