Three tech companies have reached a multimillion-dollar settlement over the unauthorized sharing of sensitive user data collected from a fertility tracking app.
What happened
A settlement has been finalized, resolving multiple privacy lawsuits against Flo Health, Google, and Flurry over the alleged misuse of tracking code within the Flo Health fertility app. The code allowed user data to be shared without consent, violating privacy commitments made to users.
Under the terms of the settlement, the three companies will pay a total of $59.5 million: Google will contribute $48 million, Flo Health $8 million, and Flurry $3.5 million. The agreement resolves a consolidated case involving claims of privacy violations, contract breaches, and misuse of confidential health data.
Going deeper
Flo Health’s app, which has more than 38 million monthly users, prompts users to share detailed information about their menstrual cycles, sexual activity, and reproductive health. Although users were assured their data would remain private, the app’s embedded software development kits (SDKs) quietly transmitted that data to third parties, including Google and Flurry, without users’ knowledge or consent.
The consolidated lawsuit, Erica Frasco, et al v. Flo Health, Inc., Meta Platforms, Inc., Google LLC, and Flurry Inc., included claims of intrusion upon seclusion, breach of contract, violations of California’s medical privacy laws, and unjust enrichment.
Meta Platforms, initially a co-defendant, declined to settle. The case against Meta proceeded to trial, where a jury found Meta had violated the California Invasion of Privacy Act. Meta plans to appeal the decision.
Flo Health also agreed to additional non-financial terms. The company must display a prominent notice on its website for one year after final settlement approval, committing to improved privacy protections.
What was said
The final details of the settlement were submitted to Judge James Donato of the U.S. District Court for the Northern District of California. Attorneys representing the class will receive one-third of the total settlement, which also covers legal and administrative costs. The rest will be allocated to class members, individuals who used the Flo app between November 1, 2016, and February 28, 2019.
FAQs
What is a software development kit (SDK), and how did it compromise user data?
An SDK is a third-party tool that developers embed in apps to enable features like analytics or ads. In this case, SDKs transmitted sensitive user data to outside companies without user consent.
Why was Meta Platforms tried separately from the others?
Meta declined to settle and instead chose to defend itself in court. The jury found Meta violated California’s Invasion of Privacy Act, and Meta has stated it intends to appeal the verdict.
Who qualifies as a class member in this case?
Anyone who used the Flo Health app between November 1, 2016, and February 28, 2019, is considered part of the settlement class and may be eligible for compensation.
What non-monetary commitments has Flo Health made?
Flo Health will post a visible privacy notice on its website for one year after the settlement is finalized, affirming its commitment to user data protection.
How are settlements like this typically distributed?
Funds are divided between legal fees, administrative costs, and compensation for named plaintiffs and class members. Exact individual payouts depend on the number of claims filed and approved.
Farah Amod
