- Google faces a class action lawsuit over unauthorized health data collection via tracking tools on provider websites.
- U.S. judge permits most privacy and wiretap claims to move forward.
- Case highlights rising concern over tech firms’ access to sensitive medical data.
A federal judge in California has ruled that the bulk of a class action lawsuit against Google can proceed, after plaintiffs alleged the company unlawfully collected sensitive health information through embedded tracking tools on healthcare providers’ websites.
The court determined that claims involving privacy invasion, California’s Invasion of Privacy Act (CIPA), and federal wiretap laws presented valid legal questions, especially regarding whether users meaningfully consented to the data collection.
Google Faces Legal Heat Over Alleged Collection of Confidential Medical Data
The lawsuit, Doe et al. v. Google LLC, accuses the tech giant of intercepting and using highly sensitive health-related data from visitors to medical websites, including major hospitals and clinics. This data was allegedly collected using tracking pixels, cookies, and analytics code embedded on pages discussing procedures like abortion and mental health treatments.
Plaintiffs argue that Google knowingly received this information and potentially used it for targeted advertising. For instance, one plaintiff visited a Planned Parenthood site in 2018 and claimed that details such as her procedure type and location were secretly captured and sent to Google. This information was linked to her through IP address, client ID, and behavior data.
Google’s defense centered on the argument that website operators—not Google—were responsible for what data was shared. However, Judge Vince Chhabria ruled that the question of user consent and Google’s role in data handling warranted further legal scrutiny, allowing most claims to move forward.
The case could set a critical precedent for how tech firms handle medical data online. It also puts pressure on healthcare providers to scrutinize the third-party technologies they integrate into their digital platforms—especially tools that may unintentionally violate confidentiality expectations.
As this case moves forward, it could redefine how user consent and third-party tracking intersect in healthcare, with implications for both tech giants and patient rights in the digital age.
“The right of privacy is the right to be let alone—the most comprehensive of rights and the right most valued by civilized men.”
— Justice Louis D. Brandeis, Olmstead v. United States (1928)
