Meta Faced Liability for Privacy Infringement
In a landmark decision, a federal jury in San Francisco has ruled that Meta, the parent company of Facebook, violated California's privacy laws by secretly gathering sensitive health information from users of the Flo period and pregnancy tracking app.
The case, known as Frasco v. Flo Health Inc., centered on the allegations that Flo Health, the app's developer, incorporated software development kits (SDKs) from Meta and others into its app, which allowed these third parties to access confidential health information of millions of users without their informed consent.
Meta, however, fought the allegations in court but lost. The jury found that Meta had knowingly recorded private details from millions of women without obtaining proper consent, violating the California Invasion of Privacy Act.
The trial focused on Meta's handling of sensitive health information from users of the Flo app. Testimony during the trial supported the idea that users were unaware their health information was being collected and used in ways not clearly described in any data policy.
The case began after a class-action lawsuit was filed in 2021, accusing Flo Health of sharing private data with outside companies, including Meta, Google, and analytics firms. Flo reached a settlement just before the verdict, admitting no wrongdoing. Google settled earlier this month.
The focus of the trial was on the app's use of SDKs, which allegedly acted as silent tools committing a privacy violation by passing personal information directly to Meta without user permission.
This marks another legal setback involving user data for Meta. The verdict could force tech companies to take user privacy more seriously, according to advocates for the plaintiffs. The decision shows that jurors are paying attention to how tech companies handle data and may no longer accept vague disclosures or general terms of service as meaningful consent.
For users of digital health tools, the case serves as a reminder of how little control they may have over where their private information actually ends up. The outcome may lead other companies to review their partnerships and data sharing practices, particularly in relation to health, reproductive tracking, or personal wellness apps.
In summary, the Flo-Meta case underscores the privacy risks posed by third-party SDKs in mobile apps. These SDKs can expose sensitive personal data, such as reproductive health information, to powerful tech companies without explicit user consent, violating privacy laws like California’s Invasion of Privacy Act. It highlights the importance of stringent data governance, clear user consent, and regulatory oversight over SDK integrations in apps dealing with highly private user data.
- Despite Flo Health's settlement over allegations of sharing private data, the trial's focus on Meta's handling of sensitive health information from users of the Flo app may lead to changes in how technology companies handle health-and-wellness data, such as women's health, as the decision could encourage stricter data governance and clearer user consent.
- The jury's finding that Meta violated the California Invasion of Privacy Act by recording private details from millions of women without obtaining proper consent raises concerns about the use of technology, including software development kits (SDKs), in collecting sensitive health information for science and general news purposes, potentially impacting user trust and privacy protections.
