In major legal news, Flo Health settles data privacy lawsuit accusing the company of violating California’s consumer privacy laws. The class action lawsuit alleged that Flo Health collected the highly personal health information of millions of women who used the company’s period-tracking app and then unlawfully shared that data with Meta (Facebook), Google, and other tech companies. The harvesting of users’ protected healthcare information is seen as particularly invasive because the data often includes intimate details about a person’s health and sexuality. Before the jury issued a verdict in the case, however, Flo Health reached a settlement with the plaintiffs. The settlement, as well as the subsequent jury verdict against Meta, is likely to have significant consequences for the health industry and for consumer health data privacy.
To learn more about the invasion of privacy lawsuit against Flo Health, keep reading.
Flo Health Accused of Capturing User Data Without Permission
Flo Health, Inc. is the company behind the Flo Cycle & Period Tracker app, the world’s leading period and ovulation tracker. The app was launched in 2016, and it allowed users to track their periods and pregnancies: users would input personal data about their menstrual cycles, pregnancy due dates, and other related information. According to the CEO of Flo Health, one out of every four U.S. women uses the Flo Health app. Additionally, it has been reported that Flo Health recently raised $200 million in Series C funding to grow its brand. That investment imputes a valuation of more than $1 billion for the company.
The software used by Flo Health allegedly captured data anytime a user opened the fertility-tracking app. The software would also allegedly log every action taken by users on the app.
Survey Questions
When users accessed the Flo Ovulation & Period Tracker app, they filled out a survey. Some of the intrusive survey questions included:
- When was your last period?
- How often do you have sex?
- Do you masturbate?
- Do you get yeast infections?
Data Sharing
Flo Health allegedly embedded software on its app to harvest and then share user responses with third parties. Importantly, this was not supposed to include “information regarding users’ menstruation cycles, pregnancy, symptoms, and other information entered by users.”
According to the lawsuit against Flo Health, users of the app provided intimate health information because they believed the company’s assurances that their data would remain confidential.
Flo Health Privacy Policy Promised Not to Share Users’ Personal Information
The breach of data privacy allegedly happened despite written statements by Flo Health promising users that their sensitive health information would remain private. Although Flo Health claimed to disclose the use of tracking code in its Privacy Policy and Terms of Service, the class action plaintiffs alleged that the disclosure was insufficient.
Moreover, Flo Health allegedly assured users in its Privacy Policy disclosures that their personal information from the app would only be shared when doing so was absolutely necessary to provide a service on the app. Instead, users’ sensitive health information was allegedly shared with third parties who had no restriction on how they might use the data.
Lawsuit: Flo Health Violated California Privacy Laws by Sharing Customer Data with Meta/Facebook and Google
Flo Health was sued in a class action lawsuit accusing the company of unlawfully sharing consumers’ personal health data with third parties. The plaintiffs in Frasco v. Flo Health were a class of women who used the Flo Health app and alleged that their sensitive health data was collected and revealed without consent.
The lawsuit, filed in the U.S. District Court for the Northern District of California, also named Meta (Facebook), Google, and Flurry as defendants. The main statutory basis for the class action lawsuit was the California Invasion of Privacy Act (CIPA). The lawsuit also alleged violations of California’s Confidentiality of Medical Information Act (CMIA).
Flo Health Avoids Trial by Settling Data Privacy Class Action
Google and Flurry avoided trial by reaching settlements early on. Flo Health also reached a settlement just days before a verdict in the trial. The terms of the settlement were confidential, with Flo Health making no admission of wrongdoing. The lawsuit against Meta proceeded to trial, with a jury ultimately ruling against Meta.
The claims against Flo Health included alleged violations of California’s stringent privacy laws, including the California Invasion of Privacy Act (CIPA). If the case had gone to trial, Flo Health would have faced billions of dollars in potential damages because of statutory penalties and punitive damages. In fact, before Flo Health settled the lawsuit, the company said that the potential damages if they lost would be “mind-boggling.”
What Is the Future of Health Data Privacy After the Flo Health Lawsuit Settlement?
The outcome of the Flo Health case could have an effect on other industries because it is now clear that sensitive data may be subject to heightened privacy requirements. Although Flo Health is not technically a medical provider that must comply with HIPAA regulations on protected health information, the jury in the Meta trial still found that the type of personal information Flo Health collected and shared did constitute “sensitive healthcare data.”
Additionally, legal observers believe that the Flo Health & Meta jury verdict could put companies on notice that they need to exercise extreme caution when partnering with a third party on an app or website.
FTC Charges Against Flo Health for Fraudulent Misrepresentations About Customers’ Privacy Rights
The recent class action lawsuit against Flo Health was not the first time the company has faced legal action due to allegations of violating consumers’ privacy rights. In 2019, the Wall Street Journal published a report detailing possible data privacy violations by Flo Health. This prompted the U.S. Federal Trade Commission (FTC) to begin an investigation. The FTC later brought charges against Flo Health for making fraudulent misrepresentations about how they would protect users’ privacy rights.
In 2021, Flo Health reached a settlement agreement with the FTC.
Call the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP
Are you a California resident who revealed personal health information while using an app or website? It’s possible that you were the victim of a data privacy violation that could entitle you to financial compensation. The legal team at Tauler Smith LLP can help you. Our skilled California consumer protection attorneys are familiar with digital privacy laws at both the federal and state levels, and we have considerable experience representing plaintiffs in these cases.
Call 310-590-3927 or send an email today to discuss your legal options.
