Flo Health Settlement: A $59.5M Lesson on Intimate Data & Informed Consent

‍

A major data privacy settlement has been reached against Flo Health, the developer of a popular period-tracking app, along with tech giants Google and Flurry. The $59.5 million agreement resolves allegations that the "Flo Period & Ovulation Tracker" secretly shared users' highly sensitive personal health information including details on menstruation, pregnancy, and fertility plans with these third parties for advertising and analytics. The sharing occurred without proper user knowledge or consent, exploiting data collected between February 2016 and January 2024. The settlement awaits final court approval, with a claims process expected to open in the future.

‍

‍

Key Takeaways

‍

A violation of Data Protection Principles

• Transparency & Consent: Users were not adequately informed their sensitive data was shared with third parties, violating the requirement for clear, lawful consent.

• Purpose Limitation: Data collected for app functionality was repurposed for advertising/analytics without user knowledge.

• Data Minimisation: Sharing full, detailed health records with tech giants likely exceeded what was necessary for the app's core service.

• Accountability: The companies failed to demonstrate responsible data governance, leading to enforcement and significant financial penalties.

‍

‍