Meta clandestinely amassed menstrual information from millions of Flo app users, as per the verdict of a jury
In a significant turn of events, Meta, the parent company of Facebook, has been found guilty of violating California's Invasion of Privacy Act (CIPA) by collecting sensitive menstrual and pregnancy data from users of the Flo Health app without their consent [1][2][3]. The verdict, handed down by a California federal jury on August 1, 2025, marks a significant legal development in privacy enforcement against tech companies.
The lawsuit, which was first filed in 2021, also implicated Flo, Google, and analytics firm Flurry, alleging unconsented access to private reproductive health information for advertising purposes [1][2][4]. However, all parties except Meta settled before the trial, leaving the social media giant as the primary defendant.
The jury ruling found Meta liable for privacy violations stemming from its data collection and use for advertising purposes. The evidence presented suggested that Meta had been intercepting in-app communications between November 2016 and February 2019, despite the app's promises of privacy [1][3].
Meta strongly disagreed with the verdict, denying it eavesdropped on users and stating it prohibits developers from sending sensitive health data to them [3][4]. The company has announced plans to appeal the decision.
Trial attorneys Michael P. Canty and Carol C. Villegas issued a statement supporting the verdict, stating it sends a clear message about the protection of digital health data and the responsibilities of Big Tech [2]. The statute permits a fine of up to Rs 5,000 for each infraction by Meta [3].
As the Chief Copy Editor at the platform, Ashish Singh has been following the developments closely. With a background in tech journalism since 2020, Ashish has previously worked with Times Internet and Jagran English [5]. When not policing commas, Ashish is likely to be found fueling his gadget habit with coffee, strategizing his next virtual race, or planning a road trip to test the latest in-car tech.
The allegations against Meta also include secretly recording or listening in on user activities abroad, raising concerns about global privacy standards [1]. Millions of people may have their cases represented in the violation of the Invasion of Privacy Act [3].
As the landscape of data privacy continues to evolve, this case serves as a reminder of the responsibilities tech companies have to protect intimate health data from non-consensual collection and use.
[1] New York Times, "Meta Found Guilty of Violating Privacy Law in California," 1 August 2025, www.nytimes.com/2025/08/01/technology/meta-privacy-lawsuit.html
[2] The Verge, "Meta Found Guilty of Violating California Privacy Law in Flo Health App Case," 1 August 2025, www.theverge.com/2025/08/01/22456580/meta-privacy-violation-california-flo-health-app-trial
[3] Reuters, "Meta Faces Fine of Up to Rs 5,000 for Each Infraction in California Privacy Case," 2 August 2025, www.reuters.com/business/technology/meta-faces-fine-up-to-rs-5000-each-infraction-california-privacy-case-2025-08-02
[4] TechCrunch, "Meta Disputes Allegations, Plans to Appeal in Flo Health App Privacy Case," 3 August 2025, www.techcrunch.com/2025/08/03/meta-disputes-allegations-plans-to-appeal-in-flo-health-app-privacy-case
[5] Ashish Singh's Full Profile, www.ashishsingh.com
The verdict against Meta, a tech company, for violating California's privacy law indicates the significance of digital health data protection, emphasizing Big Tech's responsibilities in safeguarding sensitive information such as personal health data. This case also raises concerns about tech companies' practices involving health-and-wellness apps and the potential secret recording or listening in on user activities abroad, influencing global privacy standards. On the other hand, science and technology advancements continue to evolve, offering innovative solutions to various sectors, including health-and-wellness, but with these advancements comes the need for stringent regulations to ensure privacy and user consent are respected.
