Two technology giants — Flo Health, Inc., the developer of a popular women’s health tracking app, and Google LLC — have agreed to pay a combined $56 million to settle a long-running class action lawsuit accusing them of unlawfully sharing sensitive user health data without consent.
The settlements, filed in late September, mark a significant moment in the ongoing legal battle over digital privacy and consumer data protection, particularly in the realm of women’s reproductive health apps, which have faced mounting scrutiny in recent years.
Background of the Case
The lawsuit, filed in 2021, accused Flo Health and Google of violating both the California Invasion of Privacy Act (CIPA) and the California Confidentiality of Medical Information Act (CMIA).
According to the plaintiffs, Flo allegedly used embedded software development kits (SDKs) that secretly transmitted users’ menstrual and pregnancy data, along with unique device identifiers, to third-party platforms like Google — all without user consent.
These allegations surfaced shortly after Flo reached a separate settlement with the Federal Trade Commission (FTC) over similar claims concerning the mishandling of sensitive health data.
Plaintiffs in the class action argued that both companies had misrepresented their privacy practices, misleading users into believing their most intimate health information would remain private.
Details of the Settlement
If approved by the court, the settlements will result in one of the largest privacy-related payouts involving a health tracking app to date:
- Google’s Settlement:
Google has agreed to establish a $48 million settlement fund to compensate Flo app users who entered menstruation or pregnancy data between November 1, 2016, and February 28, 2019.
Under the agreement, California residents who file claims will receive double the payout of other users. Google has not admitted liability as part of the settlement. - Flo Health’s Settlement:
Flo will contribute $8 million to the settlement fund and will also provide enhanced transparency measures. Once the settlement is finalized, Flo must prominently display a notice on its website outlining its “commitment to privacy”, accompanied by a visible link to its Privacy Policy in large font for one year.
Like Google, Flo has not admitted wrongdoing.
Legal and Industry Implications
The Flo-Google settlements underscore a broader wave of litigation targeting consumer health apps, which often collect intimate biometric and behavioral data outside the protections of traditional health privacy laws like HIPAA.
Legal analysts say the outcome could set a precedent for future lawsuits involving digital health tracking technologies, especially as states strengthen privacy statutes and enforcement mechanisms.
“These kinds of cases highlight how technology companies that handle personal health information are being held to the same standards as medical providers when it comes to privacy and transparency,” noted a data privacy expert familiar with the case.
Consumer rights advocates have also pointed out that the settlement comes at a time when reproductive health privacy has become a national concern, particularly following the rollback of Roe v. Wade. Apps that collect fertility or menstrual data are now being examined for how — and with whom — such sensitive data is shared.
Key Takeaways
- Total settlement amount: $56 million ($48M from Google, $8M from Flo Health).
- Applicable timeframe: Users who logged menstrual or pregnancy data between Nov. 2016 – Feb. 2019.
- Enhanced transparency: Flo must post a prominent privacy commitment notice.
- Legal context: Violations alleged under CIPA and CMIA, both of which carry significant statutory penalties.
- Industry impact: Signals increased litigation risk for consumer health apps using embedded tracking technologies.
The case serves as a stark reminder for tech companies operating in the health and wellness sector that user consent and transparent data practices are no longer optional — they are legal imperatives.
