FTC agrees with the developer of the fertility monitoring app on well being information disclosure
On January 13, 2021, the FTC announced that fertility app developer Flo Health, Inc. (“Flo”) agreed to a settlement on allegations that the company would provide app users’ health information despite information provided by Flo to data analytics providers shared by third parties would keep such information private.
The FTC claimed that Flo, a developer of a popular mobile application used by more than 100 million consumers to track menstrual and ovulatory cycles, made a promise to keep users’ health data private and only use it to provide services for app- User but actually sharing the data (e.g. the fact that a user is pregnant) with third party marketing and analytics services. The complaint also alleged that Flo did not impose any restrictions on the use of this health information by third parties and that Flo continued to disclose sensitive health information unhindered until a February 2019 news article revealed it. In addition, the FTC alleged that Flo, which is certified under the EU-US and Swiss-US Privacy Shield Frameworks, violated the Privacy Shield Principles, Choice, Accountability for Onward Transfer, and Data Integrity, and Purpose Limitation.
The proposed deal would prevent Flo from misrepresenting: (1) the purposes for which data is collected, used and disclosed; (2) the extent to which consumers can control the purposes for which their data is used; (3) Flo’s compliance with data protection, security, or compliance programs; and (4) how Flo collects, maintains, uses, discloses, deletes or protects the personal information of app users. The proposed settlement also provides for Flo to notify affected users of their personal information being shared with third parties and to instruct any third party recipient to destroy Flo users’ health information.