‘Flo’ Period Tracker App Faces New Class Action Lawsuit Trouble

Published on September 10, 2021
Written by:
Bill Toulas
Infosec Writer

A class-action lawsuit has been filed recently in a California federal court, naming Flo Health, Inc., Facebook, Google, AppsFlyer, and Flurry as defendants. The plaintiffs seek compensation for the privacy breach they suffered as a result of using the app, which shared their sensitive and intimate health data with the named third parties, even though the app’s privacy policy assures the user that this data wouldn’t be shared with anyone unless the sharing is required to provide the service, and even then, consent would be required.

In reality, Flo Health shared some of the users’ health information with other entities without asking for the user’s consent and without this being a technical requirement for the provision of the service. For example, Flo Health used Facebook’s SDK, giving the social media giant access to this data for purposes of targeted advertising and analytics. Also, the lawsuit alleges that the non-Flo defendants knew that the data they received from the app was collected without consent, but didn’t do anything to stop it.

This is actually the third lawsuit of this kind that targets Flo Health, and it follows a settlement between the app developer and the Federal Trade Commission last January. In summary, the newest lawsuit presents the offenses of (a) privacy invasion, (b) breach of contract, and (c) violation of the federal Stored Communications Act. As for the non-Flo defendants, they are accused of “aiding and abetting”. California has strict medical confidentiality laws, so the choice of the particular court wasn’t random either.

As we discussed back in September 2019, menstruation apps (period trackers) are a threat to women’s privacy, and this is something that has been suspected since 2018. As a relevant study conducted by ‘Privacy International’ revealed at the time, roughly 2/3 of all apps of this kind (including Flo) are using the Facebook SDK, giving away users’ sensitive medical info to the social media giant. This is basically how these “free” apps are making money (even though Flo also has a paid subscription), but it applies to some paid apps as well.


