A California jury has found Meta Platforms Inc. in violation of the state’s privacy laws after determining the company improperly collected sensitive health data from users of the Flo period tracking app without their consent.
The ruling stems from a class-action lawsuit filed in 2021, in which plaintiffs alleged that Meta, along with Flo and other tech firms, harvested menstrual cycle information and fertility data for advertising purposes, in violation of the California Invasion of Privacy Act. The jury’s verdict holds Meta liable for mishandling user health data shared through the app.
“This verdict sends a clear message about the protection of digital health data and the responsibilities of Big Tech,” said Michael P. Canty and Carol C. Villegas, lead trial attorneys in the case. “Companies like Meta that covertly profit from users’ most intimate information must be held accountable. Today’s outcome reinforces the fundamental right to privacy, especially when it comes to sensitive health data.”
Meta disputed the jury’s decision and said it intends to challenge the outcome.
“We vigorously disagree with this outcome and are exploring all legal options. The plaintiffs’ claims against Meta are simply false,” a Meta spokesperson said. “User privacy is important to Meta, which is why we do not want health or other sensitive information, and why our terms prohibit developers from sending any.”
The class-action suit initially named Meta, Flo, Google, and analytics firms AppsFlyer and Flurry. Google reached a settlement in July, and Flo settled earlier this month.
The case has highlighted growing concerns about digital health privacy and the role of data-sharing practices in mobile apps. The decision could set a precedent for how U.S. courts approach the intersection of personal health data and targeted advertising.
Flo, which claims more than 100 million users, raised $200 million in Series C funding last year from General Atlantic, valuing the company at over $1 billion.
