LinkedIn sued for tracking user health data

Business-focused social media platform LinkedIn has been slapped with three digital privacy class actions contending that it illegally intercepted users’ sensitive health care information to use in targeted advertising.

All three cases, filed by Bursor & Fisher in U.S. District Court for the Northern District of California and the Santa Clara County Superior Court, asserted wiretapping claims under the California Invasion of Privacy Act. The claims were brought on behalf of class members who made appointments on the websites of health care companies Spring Fertility, a fertility clinic; online psychotherapy platform Therapymatch Inc., doing business as Headway; and accessible urgent care provider Village Practice Management Co., doing business as CityMD.

The complaints accuse LinkedIn of accessing users’ private personal and health care information, such as gender, sexual orientation and the conditions for which they were seeking treatment, via its tracking tool, the LinkedIn Insight Tag, which was installed on the companies’ websites.

“Tracking technology litigation, including wiretapping claims under CIPA, can affect basically any company with a public-facing website,” said Stacy Boven, privacy and technology attorney at Nixon Peabody who leads the firm’s tracking technology team. ”This litigation is impacting a wide range of industries, especially those that benefit most from leveraging data for client management and advertising purposes.”

LinkedIn, a Microsoft-owned company based in Sunnyvale, California, is the largest professional networking site in the world with over 1 billion users, according to its website. In addition to job search and career development services, LinkedIn offers marketing tools in the form of the LinkedIn Insight Tag, a snippet of JavaScript code fueled by LinkedIn cookies that businesses can embed into their websites to track visitor activity. After matching the website visitors with their LinkedIn accounts, LinkedIn provides companies with consumer engagement analytics based on the collected data to improve their marketing strategies and targeted ad campaigns.

The function of the tag is similar to Meta’s Facebook Pixel, a tracking tool that transmits data about users’ website interactions to Meta and has been targeted by dozens of class action privacy lawsuits since 2022, including allegations that the Big Tech giant unlawfully acquired customers’ private medical information via Pixel’s installation on hospital and health care provider websites in In re Meta Pixel Healthcare Litigation. Meta, along with Spring Fertility, are named as co-defendants in one of the LinkedIn cases, J.S. v. Spring Fertility Holdings. 

Related: Supreme Court will hear ERISA class action suit: Did Cornell Univ. mismanage its 403(b) plan?

The plaintiffs attorneys argued that, despite requiring users to agree with a privacy policy, a cookie policy and—for California residents—a California privacy disclosure, LinkedIn is not transparent about its use of the Insight Tag and the nature of the data it siphons. The plaintiffs attorneys cited LinkedIn’s privacy policy, which states: “We will only collect and process personal data about you where we have lawful bases.” LinkedIn’s collection of sensitive medical data is not “lawful” under state or federal privacy laws and users, who are often unaware of which websites implement the tag, cannot legally consent to it, they said.

Boven said that as CIPA complaints become more “sophisticated” and “detailed,” it’s not enough for companies to simply rely on their use of privacy or cookie policies.

“While this tracking technology trend continues to grow, companies with public websites should take proactive steps to understand their data usage practices, limit the use of data where possible, communicate to users how their data is being used and, most importantly, obtain consent before the data is collected,” she said.

“We will show that our advertising tools safeguard member privacy and that these claims lack merit,” said a LinkedIn spokesperson in an emailed statement.

The plaintiffs counsel at Bursor & Fisher did not immediately respond to requests for comment.