A jury in California has delivered a verdict declaring that Meta has unlawfully gathered health-related data from users of the Flo period-tracking application, in violation of the state’s wiretap statute. This ruling stems from a lawsuit initiated in 2021 against Flo, Google, Meta, and Flurry, an app analytics firm, which accused the companies of collecting personal menstrual health data without users’ consent for marketing purposes.
The lawsuit criticized Flo for purportedly breaching its promise to safeguard sensitive reproductive health information, alleging that between November 2016 and February 2019, Flo permitted Google and Meta to monitor in-app communications, thereby violating California’s Invasion of Privacy Act. Prior to the trial, the claims against Flo, Google, and Flurry were resolved through undisclosed settlements, leaving Meta as the sole defendant.
On Monday, the jury found that there was a “preponderance” of evidence indicating that Meta had “intentionally eavesdropped on and/or recorded conversations using an electronic device” without the knowledge of Flo app users. While the specifics of financial penalties are yet to be determined, each violation of the California Invasion of Privacy Act carries a potential fine of $5,000, affecting “millions” of users represented in the lawsuit.
In a statement regarding the verdict, lead attorneys Michael P. Canty and Carol C. Villegas emphasized the importance of protecting digital health data and holding tech companies accountable. “This verdict sends a clear message about the protection of digital health data and the responsibilities of Big Tech,” they stated. “Companies like Meta that covertly profit from users’ most intimate information must be held accountable.”
Meta has expressed its intention to challenge the verdict, asserting its disagreement with the jury’s decision.
“We vigorously disagree with this outcome and are exploring all legal options,” the company stated in a comment reported by TechCrunch. “The plaintiffs’ claims against Meta are simply false. User privacy is important to Meta, which is why we do not want health or other sensitive information, and why our terms prohibit developers from sending any.”
