Flo Health Moves to Dismiss Sexual Health Data Privacy Suit

On Monday, Flo Health Inc. moved to dismiss claims that it shared Flo App users’ private health information with outside data analytics providers after promising that it would be kept confidential. The motion claims that unlike previous iterations of the consumers’ complaint that alleged Flo Health sold users’ information, this version alleges that the defendant shared the information with third parties for advertising purposes. Flo Health refutes both contentions.

The filing explains that the technology startup launched its Flo App in 2016. The mobile application offers information to users about reproductive health and allows them to track their reproductive cycle, the motion says. In order to use the program, users must allegedly agree to Flo’s privacy policy, terms of use, and offer up sensitive personal information on their sexual health like the dates of their menstrual cycle.

Complaints streamed in earlier this year, and were consolidated before a San Francisco, California federal court. The users argued that Flo Health violated its own policy by knowingly giving their information to third parties including the advertiser defendants AppsFlyer, Google, Facebook, and Flurry.

With users’ intimate health details, the advertiser defendants reportedly profiled and targeted users for advertisements. In turn, The plaintiffs brought claims for invasion of privacy, breach of contract, and violations of the federal Stored Communications Act, the Comprehensive Computer Data Access and Fraud Act, and the California Confidentiality of Medical Information Act, among other laws.

This week’s filing asserts that the plaintiffs’ claims fail for lack of injury-in-fact, a requirement of standing in federal court. The filing is devoid of allegations that the plaintiffs suffered particularized injury like financial or reputational harm, or saw an unwanted advertisement due to Flo Health’s alleged use of their information, the defendant argues. “Even taking Plaintiffs’ unsupported characterization as true, the mere sharing of personal information ‘without any concrete consequences’ is not a cognizable harm,” the motion says.

The filing also contends that the users’ claims are time-barred. The company asserts that its terms of use provide a one-year limitations period that binds the plaintiffs and has run. The plaintiffs’ arguments that the period was tolled purportedly falls flat because they fail to explain “when or how Plaintiffs supposedly discovered their alleged injuries, Plaintiffs’ diligence, or why the injury would not have been discovered with adequate diligence.”

Flo Health also defends on grounds that the plaintiffs expressly consented to its data sharing practices when they agreed to its privacy policy. Specifically, the policy disclosed that the company would use “third-party tools provided by analytics divisions of larger tech companies ‘to monitor and analyze trends, usage and activities’ based on certain aggregated, de-identified user data.” As such, the plaintiffs cannot now complain that the company’s use of their data was non-consensual and surreptitious, Flo Health says.

Labaton Sucharow LLP, Spector Roseman & Kodroff P.C., and Lowey Dannenberg P.C. are interim co-lead class counsel for the plaintiffs and Flo Health is represented by Dechert LLP.