Skip to content

Medtronic Sued for Allegedly Sharing Health Info with Google


Medtronic Minimed, Inc. and Minimed Distribution Corp. (“Medtronic”) were sued in a class action complaint in the Central District of California on August 30, 2023, by users of Medtronic’s InPen® system.  The lawsuit alleges that Medtronic engaged in “transmission and disclosure of Plaintiff’s and Class Members’ personally identifiable information (‘PII’) and protected health information (‘PHI’) [collectively, ‘Private Information’]… to Google[] and other third parties via tracking and authentication technologies – including Google Analytics (and others).”

The InPen® system, as described in the complaint, is “a smart insulin delivery system” that “help[s] people with type 1 or type 2 diabetes take the right amount of insulin, at the right time.” The InPen® system combines a Bluetooth-enabled insulin pen (“Pen”) with a corresponding mobile app (the InPen Diabetes Management app, or “App”), as shown below in an image from Medtronic’s website. According to the complaint, the App “automatically records the size and timing of insulin doses” and alerts users when insulin is not taken.

The plaintiffs allege the InPen® system has “Tracking Tools” (including “Google Analytics, Crashlytics, Firebase Authentication, and related tools”) “installed” on the App and accompanying digital platforms. The complaint goes on to assert that the InPen® system “collect[s] a treasure trove of personal data patients communicate in relation to their healthcare, which M[edtronic] secretly mines, transmits, and intercepts for its own benefit,” all “without first obtaining Plaintiff’s [] consent or authorization.”

The complaint asserts that the Private Information improperly disclosed includes the user’s name, phone number, email address, date of birth, IP address, status as a person with diabetes, information about specific medical conditions and treatment and related health information (such as insulin use), unique identifiers tied to a user’s InPen account or mobile device, and “other sensitive personal and demographic information.” With all this information, the complaint alleges the Tracking Tools can individually identify users, and this information was sold. The plaintiffs assert that these actions invade customer privacy and violate Medtronic’s own Privacy Policies, HIPAA, industry standards (the AMA’s Code of Medical Ethics), and Federal Trade Commission (FTC) data security guidelines. The complaint further asserts that Medtronic “has admitted that it shared such information with Google and other third parties” and that Medtronic “publicly acknowledged its collection and dissemination of its Users’ Private Information” in “April of 2023” in a public notice.

The next steps will be for the plaintiffs to formally notify Medtronic of this lawsuit (referred to as “service”), if that has not already occurred. Once service occurs, Medtronic will likely have up to 21 days to formally respond to the complaint. The case docket is available here.


, , , ,

Medtronic Sued for Allegedly Sharing Health Info with Google Headshot

Eric Wittgrove

Eric Wittgrove is an associate in the firm’s San Francisco office. He focuses on client practice through patentability and landscape analyses as well as patent drafting and prosecution. His clients include those in the medical device and advanced semiconductor manufacturing fields, but he represents clients in a variety of technologies.

Eric graduated cum laude from Washington University School of Law in St. Louis (“WashULaw”), and graduated magna cum laude from Brown University with a degree in materials science and engineering. While in law school, Eric focused on matters of intellectual property (IP), participating in WashULaw’s IP Clinic (providing supervised legal advice to individual inventors in the St. Louis area) and participating in the Saul Lefkowitz Moot Court Competition. Eric also served as the Chief Primary Editor of WashULaw’s Global Studies Law Review.

Eric joined the firm in 2022.

View all posts published by Eric Wittgrove
By using this blog, you agree and understand that no information is being provided in the context of any attorney-client relationship. You further agree and understand that nothing herein is intended to be legal advice. This blog is solely informational in nature, and is not intended as, and should not be used as, a substitute for competent legal advice from a retained and licensed attorney in your state. Knobbe Martens LLP makes no representations or warranties as to the accuracy, completeness, timeliness or availability of the information in this blog. Knobbe Martens LLP will not be liable for any injury or damages relating to your use of, or access to, any such information. Knobbe Martens LLP undertakes no obligation to correct or update information on this blog, which may be incorrect or become incorrect or out of date over time. Knobbe Martens LLP reserves the right to alter or delete content or information on the blog at any time. This blog contains links and references to other websites and publications that you may find of interest. Knobbe Martens LLP does not control, promote, endorse or otherwise have any affiliation with any other websites or publications unless those websites or publications expressly state such an affiliation. Knobbe Martens LLP further has no responsibility for, and makes no representations regarding, the content, accuracy or any other aspect of the information in such websites or publications.
close modal