A California federal court jury delivered a guilty verdict Friday that found Meta Inc., the parent company of Facebook, Instagram and WhatsApp, liable for exploiting consumers’ sensitive reproductive health information for targeted advertising.
Eight women who used the popular period-tracking app Flo Health brought the case against Flo Health, Meta, Google and others, alleging that Flo Health shared their data through the tech companies’ software development kits, then used their health data for advertising.
The plaintiffs argued that Flo Health gave Meta, Google and dozens of other companies access to users’ health data from 2016 through 2019 despite assuring consumers of the opposite. Meta was the only defendant to not settle with the litigants before the jury reached a verdict.
According to court documents, Meta was found liable for violating the California Invasion of Privacy Act and the Confidentiality of Medical Information Act in a jury trial in the U.S. District Court for the Northern District of California.
Meta could face up to $190 billion in damages, according to reporting by FemTech Insider. Thirty-eight million women were included in the class action, and each violation of the California Invasion of Privacy Act can result in a penalty of $5,000.
The decision comes as other Big Tech companies made a commitment to President Donald Trump’s health department that they would hasten efforts to exchange patient health data with wearables companies, hospitals and electronic health record vendors.
“This verdict sends a clear message about the protection of digital health data and the responsibilities of Big Tech,” Michael P. Canty and Carol C. Villegas, lead trial attorneys in the case, said in a statement. “Companies like Meta that covertly profit from users’ most intimate information must be held accountable. Today’s outcome reinforces the fundamental right to privacy—especially when it comes to sensitive health data.”
The Flo Health app is a freely downloadable consumer health app that was said to be the “‘first mobile application to make use of artificial intelligence to accurately predict reproductive cycles,’” a court document says. The app prompted women to enter information about sexual activity, pregnancy goals and birth control methods.
Users of Flo Health that entered menstrual cycle and pregnancy-related information into the app between November 2016 and February 2019 may be entitled to compensation resulting from the class action.
Flo Health was taken to trial with Meta, but the company settled with plaintiffs July 31, the day before the jury delivered a guilty verdict. Google and Flurry, an analytics company, settled with the plaintiffs before the case went to trial.
The Federal Trade Commission reached a settlement with Flo Health in 2021 that required the company to gather affirmative consent from users to share their data. Despite the government orders and lawsuits, Flo Health raised $200 million last year to expand its operations.
The breach sparked a wider conversation about consumer-facing apps that are not covered by the Health Insurance Portability and Accountability Act privacy rule. Women became even less trusting of entering reproductive health information into apps after the Supreme Court, bolstered by new Trump appointees, overturned the federal right to abortion in June 2022.
Separately, 16 Republican attorneys general sent a letter to Congress last week asking leadership to preempt state telehealth shield laws for abortion. The attorneys general decried Democratic states’ use of shield laws to protect telemedicine providers that prescribe abortion medications across state lines. The shield laws in New York, Massachusetts and California prevent providers in their states from being criminally pursued, or extradited, by anti-abortion states for providing services.
“By encouraging medical professionals in pro-abortion states to violate pro-life States’ abortion laws, shield laws are antithetical to the spirit of federalism and the Dobbs decision by not allowing each state to regulate abortion as it sees fit,” the letter to congressional leadership, penned by Arkansas Attorney General Tim Griffin, said.
According to the latest data from #WeCount, approximately a quarter of all abortions in the U.S. are facilitated through telehealth visits and virtual prescribing of abortion-inducing medications.
“These Republican attorneys general are calling on Congress to criminalize modern medical care, rip apart state protections, and reach across borders to impose abortion bans on people living in states where abortion is legal,” Reproductive Freedom for All President and CEO Mini Timmaraju, said in a statement. “These attacks are another step toward a national backdoor abortion ban. Shield laws are one of the strongest tools we have to protect access in a post-Roe reality—and they’re working. These laws protect providers, helpers, and patients from extremists who want to weaponize the legal system to ban abortion everywhere.”