A California jury has found that Meta violated state privacy laws with its collection of reproductive health data.
In the class action suit, Frasco v. Flo Health, Inc., heard in the United States District Court of Northern California, the jury this week said Meta, a named defendant, had violated the California Invasion of Privacy Act when it harvested menstrual data from the Flo Health app, and it intentionally eavesdropped or recorded electronic conversations without consent.
WHY IT MATTERS
"This is a landmark moment in the effort to safeguard digital privacy rights," said Michael Canty of Labaton Keller Sucharow, the plaintiffs' legal representation. "Our clients entrusted their most sensitive information to a health app, only to have it exploited by one of the world’s most powerful tech companies," he reportedly told the Courthouse News Service.
The jury form asked whether the evidence showed "Meta intentionally eavesdropped on and/or recorded" conversations through Flo's software development kits and that users had "a reasonable expectation" the information was not "overhead and/or recorded."
THE LARGER TREND
Meta legal representative, Michele Johnson of Latham & Watkins, reportedly told the news service that the plaintiffs agreed to Facebook’s terms of service.
But this isn't the only time Meta has been in court, questioned by lawmakers about its healthcare data collection policies or been caught up in regulatory violations.
The Federal Trade Commission fined Facebook $5 billion in 2019 for failing to comply with a 2012 agreement with the regulator to protect users' data, according to a story from Reuters earlier this month, and the European Union said Meta violated EU privacy regulations.
The tech company has a now lengthy history of being caught up in data privacy scandals and health data privacy lawsuits after the political consulting firm Cambridge Analytica was found to be using breached consumer Facebook data to inform client campaigns, including the 2016 presidential campaigns of then-candidate Donald Trump.
At the time, Meta Founder, Chairman and CEO Mark Zuckerberg took to Facebook promising to do better.
"We have a responsibility to protect your data, and if we can't, then we don't deserve to serve you," Zuckerberg said in a 2018 Facebook post.
"I've been working to understand exactly what happened and how to make sure this doesn't happen again," said Zuckerberg before unfolding the timeline of events that outlined the evolution of the technology that led to the private data Facebook warehoused being abused by a third-party app developer.
"The good news is that the most important actions to prevent this from happening again today we have already taken years ago," he said. "But we also made mistakes, there's more to do, and we need to step up and do it."
Following those controversies, some privacy experts called for renewed efforts to restore trust in big data.
"There’s this idea of having a safe haven, where safe people work on safe data, in safe places, with safe outputs, that is very much the mantra that we would like to emphasise," the group said in their paper published in The Lancet Oncology journal.
ON THE RECORD
Meta does "not want health or other sensitive information" and its terms "prohibit developers from sending any," a spokesperson for the company told Reuters ahead of the trial.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
