Flo is one of the world’s most downloaded health apps. It helps users track their periods, fertility cycles, pregnancies, and perimenopause. And for many, it’s a trusted companion through some of life’s most personal moments. But multiple lawsuits now allege that Flo Health Inc. hasn’t lived up to that trust.
What’s the controversy?
A class action lawsuit in Canada is accusing Flo of collecting and sharing highly sensitive user information with third parties, including tech giants like Facebook and Google.
Flo has denied any wrongdoing, stating it never sold user data or shared it for advertising without consent. But this isn’t an isolated legal challenge. In the U.S there have been further class actions targeting Flo and Meta, one of which kicked off this month.
In this case, lawyers are demanding $1,000 statutory damages per user. If Flo is found to be guilty, the potential damages could reach billions.
The data in question? Not just cycle dates and symptoms, but details about users’ sex lives, pregnancy status, sexual activity, masturbation habits, infections, and when they were trying to conceive.
The link with Facebook, Google and Flurry
At the centre of these claims is how Flo allegedly integrated third-party analytics tools from companies like Meta (Facebook), Google, and the now-defunct analytics firm Flurry. These tools allow apps to gather behavioural insights, but also send data back to the companies that provide them.
The fallout has been widespread:
- Flurry has agreed to a $3.5 million settlement to end its part in the U.S. lawsuit. The plaintiffs will continue to pursue Flo, Google and Meta for further damages.
- The U.S. Federal Trade Commission found Flo shared user health data despite explicitly telling users it wouldn’t.
- As part of a 2021 settlement, Flo agreed to get user consent before sharing any health data and to undergo an independent privacy review.
What does this mean for UK users?
Flo is a global app, and millions of UK users have trusted it with personal information under the assumption that their data would remain private.
In the UK, apps like Flo must comply with GDPR, which gives people the right to know how their personal data is being used, and to give meaningful consent. Health data is considered special category data under GDPR, meaning it requires even stronger protections.
If the allegations are proven true – and Flo shared this kind of data without proper user permission – it could amount to a very serious breach of UK data protection law, and significant compensation for those affected.
What you can do now
If you have used Flo and you’re based in the UK, you may have grounds to join a group action if one is launched. At Join the Claim, we’re monitoring developments closely, and we’ll let you know if a claim opens for UK residents.
In the meantime, here are three steps you can take:
- Check app permissions: See which apps have access to your location, health data and more.
- Re-read the privacy policy: Look for anything about third-party sharing or advertising.
- Speak up: If you feel your data was misused, you have the right to take action.
Want to be the first to know if a UK Flo compensation claim opens? Sign up to our updates and we’ll keep you in the loop.
