美女免费一级视频在线观看

Four years after consumers first filed a class-action lawsuit against Meta, Flo Health, Google and Flurry, a jury in California has finally made a decision regarding the case. 

On August 1, a jury ruled that tech giant Meta violated California’s Invasion of Privacy Act as it “intentionally” recorded sensitive health information of millions of women through the menstrual tracking app Flo. 

The jury gave a verdict on three questions. 

They said that Meta intentionally eavesdropped on users’ sensitive information like menstruation cycles and pregnancy data, and that users could have reasonably expected that their health data was not being shared with Meta. 

The jurors also ruled that Meta did not have consent to gather this information. 

The plaintiffs focused on a specific aspect of Flo’s health app design. The company used software development kits (SDKs) — prewritten pieces of code that developers use to track analytics or build apps — from Meta to build its platform. They argued that these SDK kits acted like recording devices, channeling sensitive data from users to Meta. 

Meta denied this accusation during the trial, claiming that it did not intentionally try to access users’ health data from the Flo app. 

While damages have not yet been delivered, lawyers, pharma thought leaders and health and product experts have said this decision could have future implications on health tech and marketers in the space. 

“While a lot of these sort of privacy tracking, privacy technology cases run back now, like five, six years, seven years, they still have implications for those in the space, and what we need to consider when building out products,” said Dan Vorhaus, the Chief Operating Officer and General Counsel at Ostro, a health tech solution that connects HCPs and patients with information and education about their health. 

A long time coming 

The controversy around Flo Health is not a new issue. 

The app initially launched in 2016 to help users track periods, pregnancy and ovulation. Users input information like period and pregnancy dates, and the length of their menstrual cycle. 

In 2021, plaintiffs part of a class action lawsuit sued the company, alleging that it had improperly shared personal health data with third parties. The third-party defendants included Meta, Google, AppsFlyer (an ad analytics company) and Flurry (an analytics company). 

That same year, the Federal Trade Commission (FTC) sued Flo Health for sharing health information of its users with outside analytics providers after promising that the information would be kept private. The company settled with the FTC that year. 

Google reached a settlement with the class in principle earlier this month. Flurry settled with users in March, and the case was dropped against AppsFlyer in 2022. 

Flo Health also reached a settlement with users last month, in the midst of the trial between the class and Meta. However, in a statement, the company defended its actions, claiming no wrongdoing. 

“We have always maintained that the claims lacked merit, and as the case progressed, the lack of evidence to support these allegations became increasingly clear in court,” the company said, according to reporting from Courthouse Service News. 

During the trial, the plaintiffs argued that the SDKs that Flo had embedded into its service acted as a “recording device,” and that Meta intentionally used these kits to record communications through custom logs like “R_SELECT_LAST_PERIOD_DATE.” 

The plaintiffs argued that Meta received data for each question users answered during the custom survey on the Flo platform, and that the data collected was used for advertising. 

The plaintiffs also argued that the users had a reasonable understanding of the privacy they would be afforded on the app, and that Meta did not have the consent to collect their personal information. 

Meta, however, disputed these claims, especially the notion that they were intentionally eavesdropping. 

Meta’s lawyer, Michele D. Johnson of Latham & Watkins, said that Flo created the custom survey on the app platform and was in control of what was sent to Meta. Plus, she noted that SDK’s don’t work like a device that is constantly recording and transmitting information, rather it sits on an app and shares nothing unless a developer reaches out. 

According to TechCrunch, Meta disagreed with the verdict and said it never eavesdropped on users. 

“We vigorously disagree with this outcome and are exploring all legal options. The plaintiffs’ claims against Meta are simply false. User privacy is important to Meta, which is why we do not want health or other sensitive information, and why our terms prohibit developers from sending any,” a company’s spokesperson said in a statement to TechCrunch. 

MM+M reached out to Flo Health and Meta, but they have not responded to requests for comment. 

Implications for healthcare companies 

Since the verdict, the case has caught the industry’s attention. 

Health industry experts largely agree this case has implications on health data privacy and should serve as a warning to health companies.

“Firstly, they say California privacy law usually leads the way in terms of what is going to be adopted later on. This case is interesting because they didn’t just invoke CCPA. They had to go into some pretty ancient privacy law from way back when to make their case,” said Sanjeev Menon, head of partnerships at Ubie, a healthcare company that developed a symptom checker to assist patients in uncovering and understanding their diagnosis. 

“The fact that this case was successful sends a very interesting wake-up call to the industry. You think that you are being compliant, but will your compliance stand up in a court of law?” he added. 

Menon, alongside colleague Alexander Kerman, head of Life Sciences at Ubie Health, stressed that companies should evaluate the way their products are designed and whether they are current with their compliance. 

While the verdict currently only stands in California, they noted that it is “still early,” and Meta may escalate the case to a point where it becomes national. 

Plus, Menon also underscored that a jury was the final decision maker in this case, and advises the industry to look at these issues in a way that a jury would. 

While the case deals with Flo’s practices of using SDKs between 2016 and 2019, Kerman noted that this is still relevant as SDKs are still being used in industry in 2025. 

He advises health tech companies to be wary of their development practices, and the way they build their platforms. 

“As a health tech company ourselves, we don’t want to over rely on big tech. We develop our own tools and that is absolutely essential,” said Kerman.  

“The flip side of that is if a life sciences company is thinking about partnering with a health tech company, there can be an advantage to betting on the Davids rather than the Goliaths,” added Kerman, emphasizing the advantage of working with smaller tech companies who aren’t necessarily a data behemoth that regularly collect and store data outside of partnerships. 

Since SDKs are still the typical industry standard, he added that companies should review their data codes to see if they understand the information being collected and how it is being handled. 

Uncertainty in the health data privacy world 

Another concern for the industry is how this case could shape the future of health data privacy. 

While Flo Health is a health tech company, it is not technically HIPAA compliant like companies in the traditional healthcare and pharmacy space as they are not delivering care to the patient the way a provider would.

However, as the jury ruled against Meta in this case, it’s an indicator that menstrual data and pregnancy data is considered sensitive healthcare data. 

Jack Vance, IPG Health’s Chief Data and Activation Officer said that if the case progresses, companies should pay attention to the following question: How is sensitive health data defined? Is it defined by the nature of the data (eg. menstrual data) or by HIPAA rules? Or something else entirely?

“There are more and more places where your healthcare information is getting collected now than it has ever before,” said Vance. “If your company has a partnership with something like an app or wearable device, you need to be aware of what goes on.”

This specific case was a ruling against Meta and not Flo Health, and so if the case was against the health tech company itself, would the ruling and verdict have been the same?

Vorhaus underscored this, also adding that while there is a large perception that pharma is covered by HIPAA compliance, it is not always the case that they are actually covered by it.  

“When you think about what HIPAA covers, its healthcare providers, it covers healthcare clearing houses, and it covers health plans. But now pharma companies may have parts of their business that are covered by HIPAA, especially once you get into clinical trial work, but not every aspect is,” said Vorhaus. 

This is why it’s especially important for pharma companies to pay attention to cases like these, and look at their operations and who they are partnering with. 

This is also something pharma companies should consider with the rise of direct-to-consumer platforms, which may hand off its patients to other health tech companies. 

How healthcare marketers should respond

When it comes to communications, branding and response, there is a fine line that marketers need to toe. 

Gil Bashe, Chair of Global Health and Purpose at Finn Partners said that health tech companies should model themselves more like pharma, emphasizing a commitment to healthcare data and privacy, and adopt practices around HIPAA, which have generally created longstanding trust between patients and providers.

“The pharmaceutical industry sees themselves as really making sure that HIPAA is always first and foremost, they understand that people have to opt in,” said Bashe. “They have language that has to be at a fifth or sixth grade reading level to make sure that people understand the data that’s given to them, which is something technology should largely adopt.”

Allyson Wuensch, Client Partner at Kantar, a global marketing and data insights firm, said that while there is merit in this approach, the industry should also meet people in the middle and adopt a privacy first approach where insight about how data is transferred and handled is transparent at every level. 

“Being proactive and communicating that transparency and leaving patients feeling empowered about how we’re using data is so important,” said Wuensch. 

When it comes to communications, product planning and the future of healthcare, Vorhaus emphasizes the need to look and evaluate current initiatives, and center transparency around those practices. 

“The question that we should really be asking ourselves as people who care about trying to build and maintain and earn that trust is, what practices are we doing today that may result in a case like this in the future?” he said. 

“AI is obviously a great fertile ground for that right? What are the ways that companies are making use of AI tools? There is a black box similarity between it and so many websites and tools that emerged five, 10 years ago. And so we need to focus on creating transparency around that too,” concluded Vorhaus.