Flo Health, a fertility app with more than 100 million users, has settled a complaint with the Federal Trade Commission that the company shared user information it promised to keep private with data analytics providers.
Flo Health offers a number of digital services that inherently handle sensitive data, such as fertility calendar and menstrual tracking, “secret chats” discussing intimate topics, pregnancy and post-pregnancy modes and more. The app boasts it is the No. 1 period tracker in the U.S.
Instead of keeping user super intimate data about users’ health as promised, Flo Health allegedly handed user information to companies like Google, Facebook and other analytics firms, according to the FTC complaint. Worse, Flo Health didn’t limit how these companies could use the data, which meant personal health information could be used for advertising.
“These users trust [Flo Health] with intimate details of their reproductive health because [Flo Health] repeatedly promised to protect the information and keep it secret,” the FTC complaint reads. “Indeed, [Flo Health]’s privacy policies stated, time and again, that [Flo Health] would not share users’ health details with anyone.”
Users were likely unaware of these data sharing practices until The Wall Street Journal analyzed and published the data sharing activity of a number of apps in 2019. The report concluded Flo allowed Facebook to know when a user had their period or were trying to get pregnant. The revelation led to “hundreds of complaints from the app’s users,” the FTC stated.
Flo did not admit any wrongdoing in the settlement. In fact, the company vehemently denies doing anything wrong by its users.
“Flo did not at any time share users’ names, addresses, or birthdays with anyone. We do not currently, and will not, share any information about our users’ health with any company unless we get their permission,” reads a company statement about the settlement.
As part of the settlement, Flo Health is required to obtain an independent review of its privacy practices and receive consent from users before sharing their health information. The company is also prohibited from misrepresenting how it uses and shares data. No financial terms of the settlement were noted in the announcement.
“Apps that collect, use and share sensitive health information can provide valuable services, but consumers need to be able to trust these apps,” Andrew Smith, director of the FTC’s Bureau of Consumer Protection, said in an announcement of the settlement. “We are looking closely at whether developers of health apps are keeping their promises and handling sensitive health information responsibly.”
While all five of the FTC’s commissioners voted for the settlement agreement, two issued a statement favoring more enforcement action.