A California jury recently ruled that Flo, a popular menstrual health app, violated state privacy laws by improperly collecting sensitive health data from its users. The complaint, first filed in 2021, originally included Flo as a defendant along with Meta, Google, AppFlyers and Flurry. The plaintiffs on behalf of millions of Flo users charged the companies with collecting private health information without user knowledge and consent.
The trial made abundantly clear the dangers of tech industry data-sharing practices. The plaintiffs argued that Flo and Meta purposefully gathered sensitive information such as users’ period start dates and fertility targets. They argued that this conduct was a violation of the California Invasion of Privacy Act. This ruling highlights the need to protect user privacy, especially when it involves more sensitive health information.
Of those cases, Google agreed to settle the case in July, and Flo reached settlement just earlier this month. These effects ignited a broader conversation about the ethical obligations of companies like Facebook and Google to safeguard sensitive personal information. Flo’s last round of funding was last year when they raised $200 million in Series C funding from General Atlantic. This funding increased their valuation to over $1 billion.
In December, Meta settled similar allegations that it had secretly profited off users’ sensitive data. After the verdict, a Meta spokesperson said their team continued to disagree with the ruling. They stated, “We vigorously disagree with this outcome and are exploring all legal options. The plaintiffs’ claims against Meta are simply false. User privacy is important to Meta, which is why we do not want health or other sensitive information, and why our terms prohibit developers from sending any.”
Legal experts Michael P. Canty and Carol C. Villegas provided this insightful analysis of the verdict. They argue that it robustly protects the security and privacy of Americans’ digital health data and calls out Big Tech’s accountability. They doubled down on the need to hold private sector companies accountable who profit off of users’ deeply personal data.
“Companies like Meta that covertly profit from users’ most intimate information must be held accountable. Today’s outcome reinforces the fundamental right to privacy—especially when it comes to sensitive health data.” – Michael P. Canty and Carol C. Villegas.
The digital landscape, more than ever, is changing at a breakneck pace. This powerful ruling underscores the need for transparency and accountability in every aspect of how we collect and use data. This result powerfully affirms the notion that privacy is a fundamental right. It’s particularly true when it comes to the health information individuals provide to apps like Flo.
