Flo Health Data Deletion

Data Deletion on the Flo Health App

/in /by

Flo Health Data Deletion

Flo Health, the owner and operator of the popular Flo Period & Ovulation Tracker app, was sued in federal court for allegedly sharing users’ personal health data with Meta (Facebook) and Google. Although Flo Health settled the class action lawsuit, the case still went to trial with Meta named as a defendant – and a jury issued a precedent-setting verdict against the social media parent company. Additionally, since Flo remains one of the most downloaded personal health apps in the United States, there are still concerns about user data being exposed to tech companies, data brokers, and others. That’s why it’s important to understand the steps needed for account deactivation and data deletion.

To learn more about how to safeguard your personal health data against privacy breaches on the Flo Health app, keep reading.

Flo Period Tracker App Captured Personal Health Data of Millions of American Women

Women’s health tech is more popular than ever, with millions of women in California and throughout the U.S. using apps, smartphones, and wearable technology to track their periods and fertility. As a result, this industry has become big business for companies that look to target users with online advertisements. According to media reports, women’s health startup companies have received more than $5 billion in investments in the last few years.

The Flo Health fertility-tracking app was reportedly “the first mobile application to make use of artificial intelligence to accurately predict reproductive cycles.” For many years, the Flo has been the #1 women’s health app accessed on U.S. mobile phones. Today, it is one of the most popular health & wellness apps in the world, with more than 38 million monthly users and nearly 200 million downloads. Anyone who has downloaded, used, or otherwise accessed the Flo Health app should be extremely careful about what kind of personal information they reveal. If necessary, users may want to submit a data deletion request to ensure that their information is wiped from the app.

Software Development Kit (SDK) Code Secretly Embedded on Flo Health App

The SDK code – or Software Development Kit code – embedded on the Flo Health app makes it easier to build apps and track user analytics.

Flo Health allegedly used the SDK code to access and then share – without consent – extremely sensitive health information about the app’s users, including:

  • Menstrual cycles
  • Pregnancy due dates
  • Sexual activity
  • Masturbation habits
  • Contraceptives used
  • Mental health
  • Other general health symptoms

This intimate health information shared with Meta, Google, and others gave those third-party companies valuable information about Flo Health’s users that could be used to create targeted advertisements.

Flo Health Privacy Policy

Flo Health told the users of its period-tracking app that their personal data would not be shared with third parties unless the user explicitly consented to the sharing. However, according to the class action lawsuit, users’ sensitive health information was shared with third parties like Meta and Google. Moreover, the lawsuit alleged that Flo Health’s terms of service did not place any restrictions on how third parties like Meta and Google could use the data shared with them.

If you used the Flo Cycle & Period Tracker app for any reason, it’s possible that your sensitive health information was exposed to third parties. One proactive step you can take to protect your data against further privacy breaches is to email Flo Health and submit a Data Deletion Request, which is referenced in the Privacy Policy.

Flo Health Sued in California Federal Court for Allegedly Sharing Customer Data with Meta and Google

Flo Health was sued in the U.S. District Court for the Northern District of California. The company was accused of quietly collecting users’ health information – such as menstrual cycle dates and pregnancy details – and then sharing the data with giant tech companies like Meta and Google.

The lawsuit, filed by a class of women who used the Flo app, alleged that Flo Health embedded software to eavesdrop on users and intercept their personal identifying information. Flo Health then allegedly shared that information with third parties like Meta, Google, and other tech & analytics companies. Flo Health and Google reached settlement agreements before the trial verdict, leaving Meta as the only defendant in the case.

No Consent

Meta and Google allegedly used the data shared by Flo Health to compile detailed individual profiles. This would then make it easier for the tech companies to create targeted advertising campaigns aimed at Flo Health’s users. However, users of the Flo period-tracking app did not consent to the harvesting of their personal health information, nor did they consent to the sharing of this data with third parties like Meta and Google.

Jury Verdict: Meta Liable for Damages in Flo Health Data Privacy Lawsuit

The trial in federal court culminated with a jury finding that Meta intentionally eavesdropped on Flo Health’s users and unlawfully recorded users’ protected health information without consent. Specifically, the jury declared that Meta violated multiple state consumer privacy laws, including the California Invasion of Privacy Act (CIPA) and the California Confidentiality of Medical Information Act (CMIA). When damages in the case are calculated, it’s possible that Meta will be subject to statutory penalties totaling $200 billion.

The ruling against Meta could have broader consequences for tech firms operating in the health industry going forward. Website operators, tech firms, digital advertisers, and any other companies that collect users’ personal data may now feel compelled to set boundaries when it comes to data harvesting. This is especially likely in the consumer health industry: health data companies will need to be extremely careful about how they collect users’ data. Without affirmative consent from customers, the owners and operators of health apps and websites could be subject to legal action.

Another lesson to be learned from the Flo Health data privacy case is that it might not be sufficient for companies to simply scrub user data after collection. That’s because the mere fact that data was collected in the first place could be enough to expose the operators of apps and websites to liability. Even if you submitted a data deletion request with Flo Health, it’s possible that your personal health information was already shared with data brokers and other third parties.

FTC Settlement: Flo Health Agreed to Keep Users’ Data Confidential

The class action lawsuit against Flo Health and Meta coincided with a government action brought by the Federal Trade Commission (FTC). Like the civil suit, the FTC lawsuit accused Flo Health of sharing users’ health information with marketing and analytics firms, including Facebook and Google. This allegedly happened despite promises by Flo Health that user information would remain confidential.

Flo Health ultimately settled the FTC action, with the women’s reproductive health company agreeing to instruct third-party companies to destroy any user health data that was unlawfully obtained via the menstrual tracking app.

California Consumer Privacy Act (CCPA) and Data Deletion Requests on the Flo Health App

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives consumers the right to delete their data after it has been collected. Compliance with these statutes is enforced by the California Privacy Protection Agency.

Data Deletion Requests

Anyone who created an account with Flo Health or who otherwise used the Flo app should consider exercising their privacy rights and submitting a data-deletion request. The Flo Health Privacy Policy provides users with details on how to request erasure of their accounts and all associated data.

As a California resident, you have a right to send a data deletion request and protect your personal information. You should be able to change the settings in the Flo Health app to deactivate your account. But you may need to take further action to delete your information entirely. To address privacy concerns about any data you’ve already shared on the app, you can email Flo Health customer support directly at support@flo.health. California consumer privacy laws, as well as the app’s terms of service, require Flo Health to fully erase your personal data from their backup systems upon request.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Did you download a health app on your mobile phone in California? If so, it’s possible that your personal health data was unlawfully shared with third parties. The good news is that California has some of the strongest consumer protection laws in the country. The Los Angeles consumer protection lawyers at Tauler Smith LLP represent victims of digital privacy violations. We can help you protect your data and get financial compensation for any data breaches that have already occurred.

Call 310-590-3927 or email us.

You might also like
PPP Loan Lawsuit Payment Protection Program (PPP) Lawsuit
CLRA Consumer Protection What Is the Consumers Legal Remedies Act?
Anxiety Supplement Lawsuit Natrol Class Action for Anxiety Supplements
Macy’s Beauty Box Lawsuit Macy’s Faces Lawsuit for Beauty Box Automatic Subscription
California Automatic Renewal Law California’s Automatic Renewal Law
NY Automatic Renewal Law New York’s Automatic Renewal Law