Flo Health, Inc., the developer of a popular period and fertility-tracking app, has reached a settlement with the Federal Trade Commission after the company shared private health information of more than 150 million users to data analytics providers such as Google and Facebook.
The digital fertility predictor, period tracker and pregnancy app for women claimed to correlate provided health information and intimate details of its users, promising to keep the information private.
However, the FTC complaint describes how sensitive health information shared in the Flo App, such as the user’s pregnancy status, was disclosed to third parties through “app events.”
“Flo disclosed health data from millions of users of its Flo Period & Ovulation Tracker app to third parties that provided marketing and analytics services to the app, including Facebook’s analytics division, Google’s analytics division, Google’s Fabric service, AppsFlyer, and Flurry,” the FTC said.
The agency noted that the developers of the app violated the EU-US Privacy Shield and Swiss-US Privacy Shield frameworks. The Privacy Shield framework requires companies to follow strict privacy principles to ensure that users are asked for permission to share their personal information to third parties.
Flo Health was ordered to notify users whose personal information was disclosed while instructing any third-party recipient of users’ health information to destroy the data immediately.
Moreover, the company has agreed to ask for users’ consent before sharing information in the future and review its alleged privacy-oriented promises, offering precise representations of any entity to whom it may disclose collected information.
“Apps that collect, use, and share sensitive health information can provide valuable services, but consumers need to be able to trust these apps,” said the director of the FTC’s Bureau of Consumer Protection, Andrew Smith. “We are looking closely at whether developers of health apps are keeping their promises and handling sensitive health information responsibly.”
The FTC’s mission also focuses on spreading awareness on the increased use of health apps that ask for your personal or sensitive health information. In some cases the risks may outweigh the benefits, compromising user privacy.
Users are urged to compare privacy policies for apps providing similar services to find the most suitable application. Make sure that the app sharing your information tells you what and why. Freedom to tweak the settings of the app is a plus, as it may give users more control over what the app collects and shares with third parties.
Unfortunately, not all app developers stand by their privacy policies, so if you suspect that health app provider is not fulfilling its promised, make sure to notify the agency or local privacy watchdog.