In a landmark privacy case that has drawn international attention, Google, Flurry Analytics, Meta, the parent company of Facebook and Instagram, was found guilty by a California jury of violating the Privacy Act by intercepting and monetizing private reproductive health data collected from the Flo period tracking app.
The case revealed that between November 2016 and February 2019, the Flo app allegedly shared sensitive menstrual cycle and pregnancy data of around 1.6 million U.S. users without their consent. This information was reportedly used to develop targeted advertisements, raising significant ethical and legal questions about the handling of women’s health data in digital spaces.
According to court documents, Flo Health shared user information — including data on menstrual cycles, sexual activity, and pregnancy tracking — with third-party companies such as Meta and Google.
Google settled the case for $48 million.
Flurry Analytics, a mobile tracking company, paid $3.5 million.
Flo Health, the app developer, agreed to pay $8 million.
Meta appealed the ruling but lost, with the jury concluding that the company profited from unlawfully obtained personal data.
Each violation of the Privacy Act carried a penalty of $5,000 per person, and an additional $1,000 under federal medical privacy laws, potentially bringing Meta’s liability to over $8 billion.
Flo Health was accused of secretly transmitting data that included:
Menstrual and ovulation tracking logs
Pregnancy and fertility records
Personal notes related to sexual activity and mood
This information was sent to advertising platforms to create personalized ad profiles — a direct violation of user trust and data protection principles.
Digital health apps — particularly period tracking and fertility apps — are increasingly under scrutiny for data-sharing practices.
Experts warn that health-related metadata (e.g., patterns of app usage, symptom entries, and GPS activity) can indirectly reveal intimate medical and reproductive details.
This concern has intensified since the overturn of Roe v. Wade in the U.S., where such data could theoretically be used in legal investigations related to reproductive health decisions.
Legal scholars note that this case sets a precedent for holding tech giants accountable for violations of medical privacy laws, which traditionally applied to healthcare providers but are now expanding to cover digital health platforms.
This lawsuit highlights a growing intersection between healthcare, data privacy, and technology.
For millions of users, health-tracking apps serve as digital health diaries — yet most users are unaware of how their information is stored, shared, or monetized.
The Meta–Flo case serves as a cautionary tale for both users and developers to implement transparent data policies, explicit consent mechanisms, and stronger encryption for reproductive health data.
“Meta, Flo, and Data Privacy Lawsuit.” CyberNews, October 2025. https://cybernews.com/privacy/meta-flo-period-data-privacy-lawsuit
Fowler, Geoffrey. “Flo Period App Shared Data Without Consent.” The Washington Post, August 7, 2025. https://www.washingtonpost.com/technology/2025/08/07/tea-app-flo-data-breach-safety-privacy
(Rh/eth/TL)
