Tomas Apodaca and Colin Lecher. Posted by Cross from Calmatters.
Illustrations by Gabriel Honzdusitt, Calmatters
The website that allows Californians to buy health insurance under CoveredCa.com’s Affordable Care Act, is sending sensitive data to LinkedIn, a forensic test by Calmatters revealed.
When visitors filled out the form on their website, a tracker on the same page gave LinkedIn answers to questions about whether they were blind, pregnant, or using many prescription medications. The tracker also monitored whether the visit was transgender or a potential victim of domestic abuse. (See Github Repo data.)
Covered California, the organization that runs the website, removed the tracker as calmatters, and Markup reported this article. The organization said it was removed in early April “due to the transition of marketing agencies.”
In a statement, agency spokesman Kelly Donohue said that Condifo data data was felt on LinkedIn as part of an advertising campaign. Since being reported about tracking, she added, “All active ad-related tags across our website have been turned off due to a wealth of attention.”
“In California, we have begun reviewing the ORT website and reviewing information security and privacy protocols. We are verifying that unanalysed tools are impossible to share sensitive consumers who take poor measures to protect the security and privacy of consumer data.”
When an individual indicated that he was pregnant, the information was sent to LinkedIn via the Insight tag.
According to Donohue, who said the LinkedIn campaign began in February 2024, the visitors who filled out their health information on the site may have been tracking the data for more than a year.
Calmatters directly observed the trackers in February and March of this year. We have confirmed that the target “Pixel” Tracracker and ad trackers containing all third park cookies have been removed from the site as of April 21st.
Since 2014, more than 50 million Americans have signed up for health insurance. They established the Affordable Care Act, signed into law by President Barack Obama in August 15 years. The state can, like California, operate exchange websites by Eisher in cooperation with the federal government or independently.
Target California operates as an independent organization within the state government. Its board is approved by the governor and legislative.
In March, Covered California announced that after a four-year increase in enrollment, the records of nearly 2 million people have been covered by health insurance through the program. In all, the organization said about one in six Californians had registered California, which is the subject of this. The uninsured share fell from 17.2% to 6.4% between 2014 and 2023, according to the organization. This coincided with a series of selection expansions to Medi-Cal, the state’s health insurance program for low-income households.
Express seed alarms to the idea that millions of people may have sensitive health data sent to private companies without knowledge or consent. Sarah Ziegegan, a senior advisor to the Center for Electronic Privacy Information, said it was “concern and invasive” for the health insurance website to send data that is “completely irrelevant” to users of for-profit companies like LinkedIn.
“It’s a shame,” she said.
LinkedIn Insight Tags
In recent months, Calmatters and Markup have scanned trackers on California and county government websites for sinkred using Blacklight, an automated tool developed by Website Tracker Markup.
Calmatters discovered that covered California has over 60 trackers on its site. Of the over 200 government sites, the average number of site trackers was three. In California, we had dozens more than any website we surveyed.
At CoveredCa.com, trackers from well-known social media companies such as Meta gathered information about the Visitor Page view, while lesser known analytics and media campaign companies such as Email Marketing Company LiveIntent also followed users across the site.
However, nuanced information had to be determined on linkedin.
The sub-feeling of data to LinkedIn covered the company with detailed information when visitors selected to see if they were eligible for plans including specialization, such as the pages they visited. The site also informed LinkedIn if Subsone searched for a particular hospital.
When an individual was selected as a healthcare provider, the information was sent to LinkedIn via the Insight tag.
In addition to demographic information including gender, the site also shared details with LinkedIn when visitors chose ethnicity and marriage status status, and when they told Coveredca.com how often they saw a doctor for surgery or outpatient treatment.
LinkedIn, like Oher’s large social media company, offers a simple way to send data about visitors via tracking tools that allow sites to place on pages. For LinkedIn, this tool is bound to the Insight tag. Using tags allows businesses and other organizations to later target LinkedIn ads to consumers who are already interested in their products or services. For ecommerce sites, Tracracker on the page can send ads for the product to the same person in the social media feed when Sumone is added to the product in its cart.
Healthcare markets like covered California may use trackers to reach groups of people, for example, who may be interested in reminding them of the deadline for enrolling open health insurance.
In its statement, California states its organizational options and notes the utility of these tools. “
Information was sent to LinkedIn via insight tags when an individual indicated that he was a victim of domestic abuse or spousal abandonment.
Trackers are also valuable to the social media companies that provide them. In addition to promoting advertising sales, they provide the opportunity to collect information about their visitors on their website.
On the Insight Tag Information Page, LinkedIn places a burden on websites that you don’t use in high-risk situations using tags. Tags are advised on the page, such as “should not be installed on web pages that collect or include sensitive dates” and “pages that provide specific health-related or financial services or products to consumers.”
LinkedIn spokesman Brionna Ruff said in an email statement: “Our advertising agreements and documents expressly prohibit customers from installing insight tags on web pages that contain pages that collect or collect sensitive data, including pages that provide health-related services.
Legal reissue
The collection of sensitive information by social media trackers, in previous examples, led to the removal of trackers, lawsuits and scrutiny by state and federal lawmakers.
For example, after the 2022 markup revealed that the Department of Education sent it to Facebook when it applied for university financial aid online, the department turned off sharing and faced questions from two members of Congress and was sued by two advocacy groups. Without the consent of the user, Meta and Google proposed a class action class litigation regarding information shared through drug stores, healthcare providers, tax preparation companies and trackers.
LinkedIn is already facing multiple proposed class actions related to the collection of medical information. In October, three new lawsuits in California court alleged that LinkedIn violated users’ privacy by collecting information about medical appointment sites, including the Diity Clinic.
While the tracking practices of social media companies are driving the incredible growth of the tech industry, few web users know how far the tracking will go. “This is absolutely inconsistent with the expectations of the average consumer,” Geoghegan said.
In California, the California Medical Information Confidentiality Act, which is governed by law, governs the privacy of state health information. Under this Act, consumers must grant permission to SOM organizations before medical information is disclosed to third parties. While these cases have not always been successful, companies face legal litigation to use web tracking technology.
Geoghegan said current protections are not progressing enough for consumers to protect sensitive data.
“This is an exact example of why we need better protection,” she said of LinkedIn reviewing the data. “This is sensitive health information consumed and we hope to be protected, and the lack of regulations has made us fail.”
