Meta found liable for using period-tracking data from Flo Health
- 7 August 2025
- Meta has been found guilty by a Californian federal court of using sensitive personal data from period-tracking app Flo Health to run targeted ads
- Five women alleged that their health data was used for advertising between 2016 and 2019
- Flo Health, which denied the claims, agreed to a settlement out of court
Meta has been found liable by a Californian federal court for using sensitive personal data from period-tracking app Flo Health to run targeted ads.
Five women brought the class action law suit against Flo Health, Meta, Google and Flurry, alleging that their health data was shared by the app and used for advertising between 2016 and 2019.
According to documents from the US District Court for the Northern District of California, a jury found Meta liable for violating the California Invasion of Privacy Act and the Confidentiality of Medical Information Act.
A spokesperson for Meta told Digital Health News: “We vigorously disagree with this outcome and are exploring all legal options. The plaintiffs’ claims against Meta are simply false.
“User privacy is important to Meta, which is why we do not want health or other sensitive information and why our terms prohibit developers from sending any.”
Flo Health, which denied all of the claims, settled with the plaintiffs on 31 July 2025.
In a statement, published by PR Newswire, Flo said: “We have always maintained that the claims lacked merit, and as the case progressed, the lack of evidence to support these allegations became increasingly clear in court.
“Importantly, this settlement includes no admission of wrongdoing.
“We can now put the matter behind us so we can continue to focus on serving our customers and delivering our mission to advance the future of women’s health.”
Google and analytics firm Flurry settled with the plaintiffs before the case went to trial.
Meta could face up to $190bn in damages, according to FemTech Insider, which reported that 38 million women were included in the class action, and each violation of the California Invasion of Privacy Act can result in a penalty of $5,000.
Commenting on the case, Melissa Hall, legal director in MFMac’s healthcare and life sciences team, said: “The recent action brought against Flo Health signals a shift in how the public responds to data misuse.
“People are increasingly taking privacy into their own hands, with class actions now a powerful means of holding companies to account – and not just in the US, this is an option in the UK as well.
“For health and FemTech apps operating across jurisdictions, the message is clear: you must fully understand and comply with the legal frameworks in every region you serve.
“Although Flo Health denied the claims, it still faced significant legal costs and reputational damage before agreeing to settle.”
She added that in the UK and EU, health data is classed as ‘special category data’, meaning it is subject to stricter rules under data protection law.
“If those standards aren’t met, the legal and reputational consequences could be severe. This case is ultimately about more than compliance – it’s about trust.
“Health apps handle deeply personal information, and once trust is damaged, it can be difficult, and costly, to win back,” Hall said.
Flo Health became Europe’s first FemTech unicorn in July 2024 after raising more than $200 million (£155.7m) in Series C investment.
