Meta was found guilty of violating privacy laws by quietly harvesting sexual health data from Flo, a period-tracking app used by millions.

A California jury has slammed Meta, unanimously finding the tech giant guilty of violating the California Invasion of Privacy Act after it quietly used sensitive data from the popular period-tracking app Flo to fuel its advertising machine.

Flo, an app with more than 70 million monthly users, allows people to log deeply personal information: period dates, ovulation windows, sexual activity, symptoms, and health concerns. All of which was supposed to stay private.

Years of legal fight against big tech harvesting data

The verdict follows a years-long legal dispute that first caught the eye of the Federal Trade Commission (FTC) in 2020 after reports revealed that Flo was quietly leaking user health data to big tech players without informed user consent.

The FTC issued a formal complaint in 2021 alleging that Meta, Fabric (formerly Twitter’s SDK and now part of Google’s Firebase), and analytics firm Flurry had been tapping into Flo’s data as far back as 2016.

Google and marketing firm AppsFlyer joined the party in 2018. Despite Flo’s own privacy policy promising users that their data wouldn’t be sent to third parties without explicit consent, the app allowed Meta to harvest "Custom App Events" data. This data included private information like pregnancy tracking or period start dates, according to a complaint in 2021.

Flo eventually settled with the FTC. While it did not admit wrongdoing, the company agreed to instruct third parties to delete any improperly shared data, submit to a five-year compliance monitoring program, and undergo a comprehensive privacy audit.

But for many users, the settlement wasn’t enough. In 2021, a group of plaintiffs filed a class-action lawsuit, accusing Flo and its data partners of invading their privacy, breaching contracts, and violating federal and state laws, including California’s medical privacy regulations and the Stored Communications Act.

AppsFlyer was dismissed from the class-action lawsuit in 2022, and both Flurry and Google agreed to settle. Meta continues to deny any wrongdoing.

“Historic victory” against big tech

The lead trial attorneys in the case, Michael P. Canty and Carol C. Villegas, claimed that the verdict sends a clear message about the protection of digital health data and the responsibilities of big tech.

“Companies like Meta that covertly profit from users’ most intimate information must be held accountable. Today’s outcome reinforces the fundamental right to privacy, especially when it comes to sensitive health data,” the attorneys were quoted as saying on the Labaton Keller Sucharow law firm’s website.

The firm brought forward testimonies of five women, who shared their personal stories and the intimate health data they entered into the Flo Health app, including details about their menstrual cycles, sexual activity, and pregnancies. “This case was about more than just data – it was about dignity, trust, and accountability,” said Villegas.

“The jury’s decision affirms that no company, no matter how large, is above the law when it comes to protecting consumers’ most intimate information.”

Flo shares your data with third parties

Cybernews’s previous research into Flo showed that as well as the sensitive health data users share with the app, it can also quietly collect data from the device. As the developer itself indicates on the App Store, it can collect up to 15 different data points.

It also notes that certain types of data, including purchase history, coarse location, user ID, device ID, and product interaction, may be used to track users across apps and websites owned by other companies.

In its privacy policy on the website, Flo notes that it shares some non-health personal data with AppsFlyer to promote Flo’s services, which in turn sends user data to integrated partners like Pinterest, Google Ads, Apple Search Ads, Meta Audience, and others.

Femtech apps collect a lot of data

The femtech market is estimated to reach approximately $7.5 billion in 2024 and is forecasted to nearly double by 2029. Since women consult femtech apps in the most intimate moments of their lives, be it an abortion or sexual stamina, privacy is critical.

A 2022 JMIR European data privacy survey of nearly two dozen women’s health apps found that most apps allowed behavioral tracking, more than 60% tracked user locations, and over 90% shared user data with third parties. In the best-case scenario, this means advertisers can tap into private data to try to sell a health product or service. In the worst-case scenario, the data could be exploited by law enforcement to target women exercising their reproductive rights.

Privacy and women’s rights groups have warned that the personal data collected from these apps could be used to prosecute women seeking or having abortions in jurisdictions where it is illegal.

Cybernews’s previous research into femtech apps showed that all apps collect personal data from users’ devices, whether just to keep the app running or for profit purposes. They may also share your data with third parties.