Privacy lawsuits are making headlines daily. Law firms have figured out that they can sue any website operator who runs a Linkedin Insights Tag on their website without proper consent management banners running but that’s not the headline here. It’s actually that Linkedin as a company is now dealing with not 1, not 2, but 3 lawsuits over online data tracking.
If you want to avoid expensive privacy litigation it may be a good time to book a demo and see how Captain Compliance can help you.
LinkedIn Privacy Litigation Overview
LinkedIn Corp. must face three related class actions alleging it secretly collected sensitive information from visitors to several health-related websites through its tracking technology, violating California privacy laws.
The lawsuits target LinkedIn’s “Insight Tag” — an online analytics and marketing tool that captures user interactions and sends data back to LinkedIn for conversion tracking, ad optimization, and audience analytics.
On October 10, 2025, Judge Edward J. Davila of the U.S. District Court for the Northern District of California ruled that multiple claims under the California Invasion of Privacy Act (CIPA) and the California Constitution could proceed.
The ruling allows plaintiffs in L.B. v. LinkedIn Corp., J.S. v. Spring Fertility Holdings LLC, and V.R. v. LinkedIn Corp. to continue their lawsuits, while one related case, J.P. v. LinkedIn Corp., was dismissed after the plaintiff was found to have consented to data collection under a cookie policy.
Key Facts and Entities Involved
The lawsuits stem from LinkedIn’s alleged tracking of visitors to the websites of:
- ReflexMD — a telehealth provider offering Semaglutide (weight loss) prescriptions;
- CityMD — a large urgent care provider;
- Headway — a mental health care platform connecting patients with therapists;
- Spring Fertility — a fertility and assisted reproduction clinic.
Plaintiffs claim LinkedIn’s Insight Tag captured data such as page visits, referral URLs, and possibly medical interests or health-related inquiries — without their consent. If you followed our previous news coverage on the Flo Period Tracking app this may bring back some memories with the Spring Fertility tie in.
The data, they allege, revealed personal and sensitive health information protected under California’s constitutional right to privacy and CIPA’s prohibitions against unauthorized eavesdropping and interception.
Legal Theories: Invasion of Privacy and CIPA
The plaintiffs assert claims under two sections of the California Invasion of Privacy Act — Section 632 (confidential communication eavesdropping) and Section 631 (unauthorized wiretapping). Judge Davila allowed the Section 632 claims to move forward but dismissed the Section 631 claims for insufficient pleading.
The court held that the plaintiffs adequately alleged confidential communications with the health-related websites, sufficient to state a claim under CIPA §632.
They also adequately pleaded invasion of privacy under the California Constitution, establishing that they had a legally protected privacy interest, a reasonable expectation of privacy, and that LinkedIn’s conduct was highly offensive.
These findings are significant because they reaffirm that under state constitutional law, even non-medical companies can be liable for privacy violations when handling health-adjacent or sensitive behavioral data.
Class Actions and Bifurcation
The LinkedIn cases illustrate how complex digital-privacy class actions are managed in federal court. Multiple related cases have been filed, consolidated, and, in part, bifurcated (separated) to manage overlapping issues.
Judge Davila severed claims involving Meta Platforms Inc. and sent them to a different proceeding — In re Meta Pixel Healthcare Litigation — reflecting a growing trend of parallel lawsuits over similar tracking technologies across major social media and advertising platforms.
This procedural bifurcation allows the courts to handle overlapping factual questions — such as consent, intent, and the functionality of tracking pixels — while still maintaining individualized scrutiny of each company’s technology and policies.
The Court’s View on Consent and Intent
LinkedIn argued that its users consented to data collection through publicly available disclosures, privacy policies, and its contractual terms with the health websites. The company also argued that its internal agreements prohibited partners from sharing sensitive data.
Judge Davila disagreed, emphasizing that at this early stage it is unclear whether users had a “reasonable expectation of privacy” or whether LinkedIn’s disclosures were sufficient to constitute informed consent.
The court also rejected LinkedIn’s argument that its agreements with website operators proved it lacked intent to invade privacy. Judge Davila noted that the question of intent — particularly whether LinkedIn knew or should have known that health-related information was being transmitted — must be determined after discovery on a fuller factual record.
This reasoning reflects the evolving judicial approach to digital data tracking: disclosures alone are not always enough, especially when sensitive health, fertility, or mental health information is at stake.
Health, Mental Health, and Reproductive Privacy Implications
The lawsuits strike at the heart of data privacy in health and assisted reproduction sectors — areas already under heightened regulatory scrutiny.
Sensitive medical interests, such as fertility treatment or mental health therapy, can reveal deeply personal details that fall within California’s constitutional protection for informational privacy.
The inclusion of plaintiffs connected to mental health care and assisted reproduction sites demonstrates the growing reach of CIPA litigation into healthcare-adjacent technology.
As telehealth and patient engagement tools increasingly rely on analytics tags, behavioral data, and AI-driven advertising, companies must recognize that “non-HIPAA” data can still be regulated under state privacy laws if it relates to personal well-being or reproductive health.
These lawsuits echo similar enforcement and litigation patterns seen in the Meta Pixel Healthcare Litigation and recent investigations by state attorneys general into reproductive privacy following the Dobbs decision.
Broader Lessons for Businesses
The LinkedIn litigation sends an important message for any organization using third-party analytics, tracking pixels, or retargeting technologies — especially in healthcare, mental health, and fertility industries. You should have Captain Compliance here to protect you and remember the following:
1. Transparency Alone Isn’t Enough. Disclosures must clearly explain what types of data are collected, for what purpose, and with whom they are shared. “Cookie policy” consent banners that lack specificity may not withstand scrutiny when sensitive data is involved.
2. Context Matters. Even publicly available tracking tools can create liability if used in environments involving sensitive data. Regulators and courts assess context — not just technology — when determining if privacy expectations were reasonable.
3. Vendor Agreements Don’t Eliminate Risk. Contracts requiring third parties not to transmit sensitive data may reduce risk, but they don’t shield a company from liability if those obligations are violated in practice.
4. Invest in Technical Controls. Businesses should segment sensitive web pages, disable tracking pixels on medical, reproductive, or mental health content, and ensure data minimization principles are embedded in their technology stack.
5. Monitor State Law Trends. California’s CIPA continues to evolve through case law, but similar “wiretap” lawsuits have appeared under other state statutes in Washington, Pennsylvania, and Florida. Multi-jurisdictional compliance assessments are now a must.
Compliance Recommendations from Captain Compliance
At Captain Compliance, we help organizations prevent data-tracking risks before they become legal liabilities.
Our solutions combine regulatory expertise, automated scanning, and AI-driven consent and cookie management systems to ensure privacy-by-design.
- Comprehensive Data Mapping: Identify where analytics and pixels collect or share personal or health-related data.
- Consent Optimization: Implement region-aware banners and dynamic consent logic that adapts to sensitive content categories.
- Risk Audits: Conduct CIPA-focused privacy audits to identify potential violations of Sections 631 and 632.
- Vendor and Platform Due Diligence: Evaluate whether partners comply with contractual restrictions on sensitive data transfers.
- Incident Readiness: Develop playbooks for data tracking disclosures, litigation responses, and consumer communications.
With Captain Compliance, businesses can confidently demonstrate accountability to regulators, courts, and consumers — ensuring that digital innovation never comes at the expense of privacy.
Linkedin Insight Tags Lawsuit Help
The LinkedIn CIPA lawsuits highlight a growing legal and ethical tension between digital analytics and user privacy.
As courts increasingly treat online data tracking as a form of potential eavesdropping, companies that rely on tracking technologies must rethink how they collect and share user data — especially when it relates to health, fertility, or mental well-being.
For businesses, the lesson is clear: compliance cannot be an afterthought. In an era where data tracking blurs the line between marketing and surveillance, organizations that embed privacy, consent, and transparency into their core systems will lead with trust and resilience.
