FTC Alleges Fertility-Tracking App Developer Misled Users on Private Data

Flo “disclosed health data from millions of users of its Flo Period & Ovulation Tracker app to third parties that provided marketing and analytics services to the app, including Facebook’s analytics division, Google’s analytics division, Google’s Fabric service, AppsFlyer, and Flurry,” the FTC said. Commissioners Rohit Chopra and Rebecca Kelly Slaughter dissented in part, saying the agency should have charged the company with violating the Health Breach Notification Rule, for which the agency has never brought action. Commissioner Noah Phillips disagreed with the Democrats: “We have never applied the Rule to a health app such as Flo in the past, in part because the language of the Rule is not so plain. And I do not support announcing such a novel interpretation of the Rule here, in the context of an enforcement action.” The company faces civil penalties of up to $43,792 for any future violations. Flo didn’t share usernames, addresses or birthdays, a spokesperson emailed, noting the settlement included no admission of wrongdoing: “We do not currently, and will not, share any information about our users’ health with any company unless we get their permission. We have a comprehensive privacy framework with a robust set of policies and procedures to safeguard our users’ data.” The consent order includes a company compliance review, the spokesperson added.