The FTC showed their continued efforts to defend consumer data privacy in the new year with in reaching a settlement with Flo Health, Inc (“Flo” or “the Company”). The FTC filed a complaint against Flo for sharing the personal health information of more than 100 million users of their app with third parties. This comes after Flo had promised to keep users’ data private and without the Company obtaining consent from users to share their data with any third party. According to the FTC, Flo shared this information to third parties that provided their app with marketing and analytics services, such as Facebook and Google.
The settlement requires Flo to obtain an independent review of its privacy practices and obtain app users’ consent before sharing the health information that they provide. Further, the Company is prohibited from misrepresenting the purposes for which it intends to use app users’ data, notify users of the disclosure of their personal health data, and require third parties that received personal health data to destroy that data.
This follows recent action by the FTC to protect personal data. Most recently, in December 2020, the FTC ordered nine social media services, including Twitter and Facebook, to provide data on their collection, usage and presentation of personal data. The FTC also entered into settlements with Zoom, InfoTrax Systems, and ClixSense in 2020 for not protecting user data. This trend is further supported by the appointment of Rebecca Slaughter as active chair of the FTC, who wrote that “protecting a consumer’s privacy and providing strong data security are closely intertwined, and when we solve only for one we fail to secure either.” These signs point towards even further protections for consumers and more strictly enforced privacy rights.