Meta Found Liable for Harvesting Reproductive Health Data Without Consent

A California jury has determined that Meta violated state privacy laws through its collection of reproductive health data from users of the Flo Health period tracking app. The verdict in the class action suit Frasco v. Flo Health, Inc., heard in the United States District Court of Northern California, found that Meta violated the California Invasion of Privacy Act by harvesting menstrual data and intentionally eavesdropping or recording electronic conversations without consent.

The jury specifically examined whether evidence demonstrated that Meta intentionally eavesdropped on and recorded conversations through Flo's software development kits, and whether users maintained a reasonable expectation that their information would not be overheard or recorded. The jury's affirmative finding on these questions represents a significant legal determination in the realm of digital health privacy.

"This is a landmark moment in the effort to safeguard digital privacy rights," said Michael Canty of Labaton Keller Sucharow, the plaintiffs' legal representation. "Our clients entrusted their most sensitive information to a health app, only to have it exploited by one of the world's most powerful tech companies," he reportedly told the Courthouse News Service.

Meta's legal representative Michele Johnson of Latham & Watkins reportedly argued that the plaintiffs had agreed to Facebook's terms of service, suggesting this should have provided adequate consent for data collection practices.

This verdict adds to Meta's extensive history of data privacy controversies and legal challenges. The Federal Trade Commission fined Facebook $5 billion in 2019 for failing to comply with a 2012 agreement to protect users' data. Additionally, the European Union has found Meta in violation of EU privacy regulations.

The company's troubled relationship with data privacy gained widespread attention during the Cambridge Analytica scandal, where the political consulting firm was discovered using breached consumer Facebook data to inform client campaigns, including the 2016 presidential campaign of then-candidate Donald Trump. Following that revelation, Meta founder Mark Zuckerberg took to Facebook promising reform.

"We have a responsibility to protect your data, and if we can't, then we don't deserve to serve you," Zuckerberg said in a 2018 Facebook post. "I've been working to understand exactly what happened and how to make sure this doesn't happen again," said Zuckerberg. "The good news is that the most important actions to prevent this from happening again today we have already taken years ago," he said. "But we also made mistakes, there's more to do, and we need to step up and do it."

The ongoing privacy concerns have prompted calls from experts for renewed efforts to restore trust in big data handling. "There's this idea of having a safe haven, where safe people work on safe data, in safe places, with safe outputs, that is very much the mantra that we would like to emphasise," a group of experts stated in their paper published in The Lancet Oncology journal.

A Meta spokesperson told Reuters ahead of the trial that the company does "not want health or other sensitive information," and its terms "prohibit developers from sending any."

Click here for the original news story.