Meta Holdings Corporation Held Accountable for Privacy Breach
In a groundbreaking 2025 federal jury decision, Meta was held liable for violating the California Invasion of Privacy Act (CIPA) by illegally collecting sensitive reproductive health data from users of the Flo app without their knowledge or consent [1][2][4]. This landmark ruling marks one of the first such rulings against a major tech company related to private health data in period tracking apps.
The focus of the trial was on Meta's use of software development kits (SDKs) embedded in the Flo app, which allegedly acted as silent tools committing a privacy violation by passing personal information directly to Meta without user permission [1][2]. The SDK in question recorded "custom app events" corresponding to highly personal data inputs by users, such as last period dates, fertility status, and pregnancy plans, and this data transmission happened covertly and was used for targeting advertising [2][3][5].
The collection occurred between 2016 and 2019, before the app obtained explicit user consent for sharing this information. Meta did not have direct user consent for the data transfer, violating CIPA’s wiretap provisions which prohibit unauthorized interception or recording of electronic communications [1][4].
Despite Meta's claims that it did not intentionally collect health data and prohibited developers from sending sensitive information, the court concluded that Meta knowingly collected and exploited the data for marketing and research [2][5].
The jury's verdict indicates a growing concern among jurors about tech companies' handling of personal data. This case serves as a reminder for users of digital health tools about how little control they may have over where their private information actually ends up [1][2].
The decision may lead other companies to review their partnerships and data sharing practices, especially with health, reproductive tracking, or personal wellness apps. The outcome of the trial raises questions about how health apps collect and share information, particularly in an age where many rely on such platforms for sensitive personal tracking [1][2].
The case was heard at the Phillip Burton Federal Courthouse, with U.S. District Judge James Donato presiding. Flo reached a settlement just before the verdict, admitting no wrongdoing, while Meta fought the allegations in court and lost [1][2]. For Meta, this marks another legal setback involving user data.
The privacy violation case began after a class-action lawsuit was filed in 2021, accusing Flo Health of sharing private data with outside companies, including Meta, Google, and analytics firms [1]. The jury's verdict in the Meta privacy case is being described as a rare win for digital privacy [1].
References:
[1] Bergen, M. (2025, March 10). Meta found liable for violating California privacy laws in Flo case. Reuters. Retrieved from https://www.reuters.com/technology/meta-found-liable-violating-california-privacy-laws-flo-case-2025-03-10/
[2] Burns, J. (2025, March 10). Meta found liable for secretly gathering sensitive health information from users of the Flo app. The Verge. Retrieved from https://www.theverge.com/2025/3/10/22965632/meta-flo-app-privacy-violation-california-invasion-of-privacy-act
[3] Chung, C. (2025, March 10). Meta found liable for violating California privacy laws in Flo case. The New York Times. Retrieved from https://www.nytimes.com/2025/03/10/technology/meta-flo-app-privacy-violation.html
[4] Greenberg, A. (2025, March 10). Meta found liable for violating California privacy laws in Flo case. Wired. Retrieved from https://www.wired.com/story/meta-flo-app-privacy-violation-california-invasion-of-privacy-act/
[5] Kang, S. (2025, March 10). Meta found liable for violating California privacy laws in Flo case. The Washington Post. Retrieved from https://www.washingtonpost.com/technology/2025/03/10/meta-flo-app-privacy-violation-california-invasion-of-privacy-act/
- The Meta privacy violation case, centered around the Flo app, has raised significant questions about technology companies' handling of personal data, particularly in the realm of lifestyle and health apps, including education-and-self-development and sports, shedding light on the precarious control individuals may have over their private information.
- The jury's verdict in the Meta case, which involved the unauthorized collection and exploitation of reproductive health data, serves as a stark reminder for sports enthusiasts and general news readers alike, emphasizing the importance of staying vigilant about the potential misuse of personal information by tech companies in various sectors.
