Settled with the Federal Trade Commission on the issue of the menstrual management app 'Flo' providing personal information to Facebook and Google

The Federal Trade Commission (FTC) of the United States announced on January 13, 2021 that the menstrual management app ' Flo ' was providing information on women's health to Facebook and Google without permission of users. We have reached a settlement on the condition that information is thoroughly protected. '

Developer of Popular Women's Fertility-Tracking App Settles FTC Allegations that It Misled Consumers About the Disclosure of their Health Data | Federal Trade Commission
https://www.ftc.gov/news-events/press-releases/2021/01/developer-popular-womens-fertility-tracking-app-settles-ftc

Flo gets FTC slap for sharing user data when it promised privacy | TechCrunch
https://techcrunch.com/2021/01/13/flo-gets-ftc-slap-for-sharing-user-data-when-it-promised-privacy/

Flo Health's iOS and Android app ' Flo ' is a popular health management app for women because it allows you to easily grasp information such as menstrual cycle prediction and pregnancy, childbirth, and menopause. However, users have been flooded with anxiety since the 2019 Wall Street Journal report revealed that Flo was providing personal information to third-party companies without the user's permission. ..

In response to this, the FTC conducted an examination of Flo on suspicion of violating the law. In a (PDF file)document summarizing the issue, the FTC said, 'Flo provides millions of female users with strict protection and confidentiality of information about ovulation cycle predictions and pregnancy and childbirth. However, in reality, we have shared personal information about women's health with third parties for many years. '

The provision of personal information from Flo to a third party began in February 2016 and continued until February 2019 when the problem became public in the press. It has also been found that market research firms Flurry and AppsFlyer , as well as Facebook, Google, and Google's marketing service Fabric, received personal information from Flo.

After that, FTC, which had been formulating recurrence prevention measures through public comments, announced on January 13, 2021 that it had officially settled with Flo. Flo has announced that it has agreed on the terms of 'being independently audited for privacy practices' and 'obtaining user consent before providing health information to the outside world.'

In addition, in the (PDF file) settlement agreement announced by FTC, as a condition of the settlement, 'Flo must not misrepresent the collection and use of personal information to the user and disclosure to the outside.' If personal information is disclosed, the affected user must be notified and the third party who obtained the information must be instructed to destroy the data. '

TechCrunch, an IT news site, said of the settlement, 'There was no financial penalty, but the FTC settlement is noteworthy as the first case in which U.S. regulators have provided this type of privacy-related notice. I point out.

In a statement, FTC's Consumer Protection Agency Director Andrew Smith said, 'Apps that collect sensitive health information can provide valuable services, but these apps must be consumer-reliable. Hmm. We are watching if the developers of health apps keep their promises and handle health information responsibly. '

A Flo spokeswoman said in a comment to the media, 'The agreement with the FTC does not admit fraud, but to avoid the time and expense of disputes.' He added, 'We are delighted to have settled with the FTC to resolve this issue. As requested as part of the terms of the settlement, we will be reviewed for compliance and users will be given the privacy of their health data. We guarantee that it will be absolutely the highest priority. '