▼
Allegations Only · No Settlement Yet
This article describes a class action complaint. The statements below are unproven
allegations. The defendants have not been found liable, there is no certified class, and
nothing to claim at this time. This page is informational and is not legal advice.
A proposed class action accuses Planned Parenthood Federation of America and three of its regional affiliates of sending patients' appointment-booking information to Google and other outside companies through tracking code embedded on their websites. The complaint, C.B. v. Planned Parenthood Federation of America, Inc. (Case No. 1:26-cv-05201, U.S. District Court for the Southern District of New York), was filed on June 19, 2026 by three plaintiffs proceeding under their initials, on behalf of a proposed nationwide class and several subclasses.
According to the complaint, when a visitor uses the "Book an Appointment" flow on plannedparenthood.org — selecting a service such as abortion, birth control, or STD testing, and entering a ZIP code — the site transmits that search to Google in a single message that also carries the visitor's age and a persistent Google identifier (the "cid") that Google uses to recognize the same browser across the web. For visitors who select abortion services, the complaint alleges the transmission also includes the date of the person's last menstrual period. The defendants have not yet responded to the complaint, and the allegations are unproven.
Status
Complaint Filed · June 19, 2026
C.B. v. Planned Parenthood Federation of America, Inc. · S.D.N.Y. (1:26-cv-05201)
Core Allegation
Booking-page trackers sent service selections, ZIP, age & health details to Google
Alleged violations of NY GBL § 349, the federal Wiretap Act (ECPA), California's CMIA & Florida's FSCA
Proposed Class
Nationwide class of people who booked appointments on plannedparenthood.org
Plus California, Florida, MyChart, no-banner & "Reject All" subclasses
Can I Claim?
No — nothing to claim yet
No settlement, no fund, no claim form; class not certified
The complaint alleges that the plannedparenthood.org homepage and booking pages automatically activate tracking and advertising scripts from at least sixteen outside companies — including Meta (Facebook), TikTok, Pinterest, Microsoft Bing, and Quantcast — before a visitor has interacted with the site's cookie-consent banner at all.
The most detailed allegations concern Google Analytics. When a visitor searches for a health center, the complaint says, the browser sends Google a message spelling out the service selected (a "service" field set to, for example, "abortion"), the visitor's ZIP code and age, and — on the abortion-search page — fields recording the date of the last menstrual period and the number of weeks since it occurred. The complaint alleges the message travels with the persistent Google "cid" identifier, letting Google connect the activity to a recognized browser it follows across other sites.
The plaintiffs also allege the transmissions were disguised: rather than being addressed to Google directly, the analytics traffic was routed through ppfa.plannedparenthood.org — a Planned Parenthood-branded subdomain that, according to the complaint, resolves to a Google server, so the data appears never to leave Planned Parenthood while actually going to Google.
The complaint further alleges the tracking follows patients past the federation's website and into the patient portal run by Planned Parenthood's regional affiliates. After choosing a health center, patients in states including Florida, Georgia, and Tennessee are directed to myplannedparenthoodchart.org — Planned Parenthood's deployment of Epic's MyChart scheduling platform — to pick the specific service they want to be seen for.
According to the complaint, that MyChart page loads Google Tag Manager, the Meta Pixel, and session-replay tools, and sends Google messages carrying the same persistent identifier assigned during the earlier booking search — so that, as the complaint puts it, the person who searched for a service on the federation's site and the person now scheduling care in the affiliates' medical portal "are identified together as one." The affiliates named as defendants — Planned Parenthood of Florida, Planned Parenthood Greater Memphis Region, and Planned Parenthood Southeast — are HIPAA-covered healthcare providers, and the complaint alleges these disclosures were made without the written authorization HIPAA requires before protected health information can be shared for marketing.
A central theme of the complaint is that no version of the site's consent process authorized the alleged disclosures. Two of the plaintiffs used the site in 2021–2023, before Planned Parenthood installed a cookie-consent banner in March 2024, so they were never shown any banner. The third plaintiff says she clicked "Reject All" in the banner's cookie-settings panel — and the complaint alleges the tracking transmissions to Google occurred anyway, identically for users who clicked "Allow All," clicked "Reject All," or never engaged the banner at all.
The complaint also attacks the banner's design as a "dark pattern" under California privacy law: the banner itself offers only a prominent "Allow All" button, with "Reject All" hidden inside a separate settings menu where the marketing, performance, and analytics toggles are preset to "On." And it argues that Planned Parenthood's own Privacy Notice cuts against consent, since the Notice tells patients that information provided to affiliates for medical care is protected by state and federal law and is outside the Notice's scope.
The complaint proposes a nationwide class of all natural persons in the United States who booked an appointment on plannedparenthood.org and whose appointment-related information was collected and relayed to third parties by embedded tracking technologies. It also pleads several subclasses:
• A no-consent-banner subclass of users who never clicked "Accept All" on the cookie banner.
• A HIPAA subclass of people who used the MyChart booking system to schedule care with an affiliate health center.
• California and Florida subclasses for residents of those states.
• A "Reject All" subclass of users who expressly declined tracking through the banner.
The complaint estimates the class likely includes hundreds of thousands of people. No class has been certified yet, so the definitions and eligibility could change as the case proceeds — or the case could be dismissed.
The complaint brings seven counts: deceptive practices under New York General Business Law § 349 (two counts, one specific to "Reject All" users), breach of implied contract, breach of confidence, interception and disclosure of electronic communications under the federal Electronic Communications Privacy Act, violation of California's Confidentiality of Medical Information Act, and violation of the Florida Security of Communications Act.
The plaintiffs seek actual, statutory, and punitive damages — including $50 per violation under GBL § 349, the greater of $100 per day or $10,000 under the ECPA, and $1,000 per violation under the CMIA — plus disgorgement of profits and injunctive relief. The requested injunction would require the defendants to delete the data at issue, have Google and Meta delete what they received, remove third-party trackers from both websites, and redesign the privacy policy and cookie banner. All of these are requests tied to unproven allegations; no court has found any defendant liable, and no money has been awarded.
No. This is a freshly filed lawsuit, not a settlement.
• There is no settlement fund.
• There is no claim form.
• There is no payout and no deadline to act.
For any money to be distributed, the case would first have to survive the defendants' expected motions, then win class certification, and then either settle or prevail — a process that can take years and may not succeed. Healthcare tracking-pixel cases have produced settlements before — see the Duly Health tracking-pixel settlement — but each case turns on its own facts. If a class is ever certified here and a settlement or judgment results, a formal process with its own eligibility rules and deadlines would be announced.
Is there a Planned Parenthood tracking settlement or claim form?
No. This is a newly filed class action complaint, not a settlement. There is no settlement fund, no claim form, and no payout. The defendants have not been found liable, no class has been certified, and there is nothing to claim at this time.
What does the Planned Parenthood website tracking lawsuit allege?
The complaint alleges that the "Book an Appointment" flow on plannedparenthood.org transmitted to Google the service a patient selected (such as abortion, birth control, or STD testing), the patient's ZIP code and age, and — for abortion searches — the date of the patient's last menstrual period, all tied to a persistent Google identifier. It also alleges the tracking continued on the MyChart scheduling portal run by Planned Parenthood affiliates, and that these disclosures happened regardless of cookie-banner choices. These are unproven allegations.
Who could be covered by the proposed class?
The complaint proposes a nationwide class of people who booked an appointment on plannedparenthood.org and whose appointment-related information was relayed to third parties by embedded tracking technologies, plus subclasses for California and Florida residents, MyChart portal users, people who never saw a cookie banner, and people who clicked "Reject All." No class has been certified, so the definitions could change as the case proceeds — or the case could be dismissed.
What laws does the Planned Parenthood lawsuit invoke?
The complaint brings claims under New York General Business Law § 349, the federal Electronic Communications Privacy Act (wiretap act), California's Confidentiality of Medical Information Act, and the Florida Security of Communications Act, along with breach of implied contract and breach of confidence. It also alleges the disclosures violated HIPAA's rules against sharing protected health information for marketing without written authorization, though HIPAA itself has no private right of action.
What should Planned Parenthood website users do now?
There is nothing to claim right now because there is no settlement. People who booked appointments through plannedparenthood.org can follow the case for updates. If a class is ever certified and a settlement or judgment results, a formal process with its own eligibility rules and deadlines would be announced. This page is informational and is not legal advice.
• Class Action Complaint, C.B. v. Planned Parenthood Federation of America, Inc., No. 1:26-cv-05201 (S.D.N.Y., filed June 19, 2026).
• New York General Business Law § 349 (deceptive acts and practices).
• Electronic Communications Privacy Act, 18 U.S.C. § 2510 et seq.
• California Confidentiality of Medical Information Act, Cal. Civ. Code § 56 et seq.; Florida Security of Communications Act, Fla. Stat. § 934.01 et seq.
Free settlement alerts
Get notified when new class actions open to claims
Join thousands of readers who get the latest class action settlements you may qualify for — delivered straight to your inbox.
For more class actions keep scrolling below.
Status
Complaint Filed — Allegations Only
Case Title
C.B. v. Planned Parenthood Federation of America, Inc.
Case Number
1:26-cv-05201
Court
U.S. District Court, Southern District of New York
Date Filed
June 19, 2026
Defendants
Planned Parenthood Federation of America, Inc.; Planned Parenthood of Florida, Inc.; Planned Parenthood Greater Memphis Region, Inc.; Planned Parenthood Southeast, Inc.
Claims
NY GBL § 349; ECPA (Wiretap Act); California CMIA; Florida Security of Communications Act; breach of implied contract; breach of confidence