Meta Found Guilty of Using Flo App Data Without Consent

A jury found Meta guilty of contravening the California Invasion of Privacy Act for using data from the female health tracking app, Flo Health. A co-defendant in the trial, Flo, had reached a settlement with the plaintiffs earlier in the trial.

Claiming more than 420 million users worldwide, Flo acts as a “period tracker, ovulation tracker, pregnancy app.” Thus, it routinely handles sensitive sexual and reproductive health data, which plaintiffs allege was siphoned by Meta without their consent or knowledge. This includes information on their menstrual cycle, sexual activity, mood, health symptoms, and weight.

The Wall Street Journal originally reported Flo’s concerning data sharing practices in 2019, revealing how it and other companies divulge users’ most “intimate” secrets to third-party services. In response, the US Federal Trade Commission (FTC) launched an inquiry into Flo Health’s practices. This resulted in a settlement between the parties.

A class action lawsuit followed in 2021, filed with the US District Court for the Northern District of California.

Any individuals in the US who used the app between June 2016 and January 2021 were eligible to enroll in the class. Lawyers on behalf of the plaintiffs argued for $1,000 per person in minimum statutory damages. With roughly 40 million in monthly active subscribers at the end of this period, that would represent a massive total payout if the lawsuit were to succeed.

Alongside Google and Meta, the data was allegedly shared with “dozens of third parties” who used it for advertising purposes. Other defendants include digital advertising and analytics companies, such as AppsFlyer and Flurry.

The case against AppsFlyer was voluntarily dismissed in 2022. However, Flurry, now defunct, agreed to settle back in March of 2025, with Google reaching a settlement “in principle” in June. This left Meta as the last defendant standing until the recent verdict against it.

In its verdict, the jury found that the plaintiffs were able to prove that Meta had “intentionally eavesdropped and/or recorded their conversations” against a “reasonable expectation” as well as without users’ consent.

Meta has faced numerous similar privacy allegations in recent years, with costly financial outcomes. In August of last year, Meta was fined $1.4 billion by the state of Texas in one of the largest settlements of its kind. It was also fined $15 million by a South Korean court for illegally harvesting Facebook users’ data.