A San Francisco jury has ruled that Meta violated the California Invasion of Privacy Act by collecting sensitive data from users of the Flo period-tracking app without consent. The case, which dates back to 2021, involves eight women who sued Meta and other tech companies, including Google and Facebook, alleging that they improperly shared personal health data through the Facebook Software Development Kit. Although Meta contends that the jury got it wrong, the ruling could have significant implications for millions of affected users.
The case against Meta focused on its Facebook SDK, which Flo integrated into its app for analytics and advertising purposes. The women alleged that between June 2016 and February 2019, Flo sent Facebook data on users’ interactions with the app, including clicks on sections related to pregnancy and menstruation. This data was used by Facebook to personalize ads and content, according to the plaintiffs. While Google and Flo reached a settlement with the plaintiffs, Meta chose to fight the case, leading to its loss.
In a 2022 filing, Meta admitted that Flo used its SDK during this period and that the app transmitted data related to ‘App Events,’ but the company denied receiving intimate health information. The jury ruled against Meta, stating that users had a reasonable expectation of privacy and that Meta lacked proper consent to collect this data. The verdict could impact over 3.7 million users who registered between November 2016 and February 2019, with updates to be shared via email and a case website. The exact compensation or potential settlements remains uncertain.