But do apps protect our privacy? The case of Meta and Flo users' menstrual data
Meta faces renewed controversy after a controversial issue surrounding the potential sexually explicit conversations of chatbots targeting minors. A California jury has now convicted Meta of illegally collecting health data from users of the menstrual cycle tracking app Flo, in violation of the state's California Invasion of Privacy Act (CIPA). The verdict concludes a lawsuit filed in 2021 against Flo, Google, Meta, and analytics company Flurry, in which users accused the companies of collecting intimate information about their menstrual health without their consent for targeted advertising.
At the heart of the case is Flo's promise of confidentiality regarding its users' reproductive information. According to the lawsuit, between November 2016 and February 2019, Flo allowed Google and Meta to eavesdrop on in-app communications, violating CIPA. Flo, Google, and Flurry settled their cases before the trial with undisclosed out-of-court settlements ; only Meta remained in court.
The verdict against MetaThe jury reached its verdict last Monday, finding with a "preponderance" of evidence that Meta "intentionally intercepted and/or recorded conversations using an electronic device," without Flo users' knowledge. Any damages have not yet been determined, but keep in mind that each individual CIPA violation can result in a $5,000 fine and that the lawsuit was filed on behalf of "millions" of Flo users.
"This verdict sends a clear message about the protection of digital health data and the responsibilities of Big Tech," commented attorneys Michael P. Canty and Carol C. Villegas. "Companies like Meta that covertly profit from users' most intimate information must be held accountable."
For its part, Meta disputes the result and announces that it intends to appeal it: "We strongly disagree with this outcome and are exploring all legal options ," the company responded in a statement. "The plaintiffs' allegations against Meta are simply false. User privacy is important to Meta : we do not want health information or other sensitive data, and our terms prohibit developers from sending any such data."
Regardless, the case highlights a crucial issue: when promises of data protection collide with the collection of information for commercial purposes, the line between behavioral analysis and privacy violations can become a matter for the courts. We await the extent of the fines and the outcome of any appeal. But the first verdict undoubtedly marks a clear shift in the debate on digital health data protection and the transparency obligation for platforms and developers.
Luce
