In a watershed privacy verdict, a California jury has determined that Meta illegally collected menstrual health data from users of the Flo period-tracking app, in violation of the state’s privacy laws. This decision marks a significant blow to Big Tech’s data practices and amplifies global concerns around digital health privacy.
What Happened?
In a class-action lawsuit initiated in 2021, women accused Meta—formerly Facebook—and other companies like Flo Health, Google, and analytics firm Flurry of covertly collecting sensitive reproductive health data without informed consent. The jury ruled that Meta specifically violated California’s Invasion of Privacy Act by using its SDK to intercept personal data such as period dates, fertility status, pregnancy intent, and even mental health notes.
Flo and other defendants settled prior to trial, but Meta stood trial and the jury unanimously found it guilty on all counts of intentionally recording private user information without consent.
Why It Matters
- Privacy at Stake: This landmark ruling underscores a user’s reasonable expectation of privacy—especially regarding intimate health details.
- Legal Precedent: By applying a 1960s-era wiretapping statute to modern app telemetry, this case sets a legal precedent that may reshape data privacy litigation.
- Broad Implications: The verdict sends a powerful message to tech and femtech industries that vague privacy notices and SDK-based data harvesting are no longer acceptable.
Meta’s Reaction & Next Steps
Meta strongly disputes the verdict and plans to appeal, asserting that it does not want sensitive health data and that its policies prohibit developers from sending such information.The Verge
Verdict Snapshot
| Detail | Information |
|---|---|
| Affected Users | Over 3.7 million U.S. Flo users |
| Timeframe | November 2016 – February 2019 |
| Legal Basis | California Invasion of Privacy Act |
| Other Defendants | Google, Flo, Flurry (settled before trial) |
| Meta’s Response | Disagrees and will appeal |
