App that tracks fertility misled consumers about disclosure of health data, FTC says
Flo did not admit to any wrongdoing in agreeing to the settlement.
Flo, a widely used period and fertility-tracking app, has reached a settlement with the Federal Trade Commission over allegations the company shared users' health data it had promised to keep private.
The FTC alleges that Flo disclosed health information as sensitive as a user's pregnancy to third parties -- including Google and Facebook's analytics units, and mobile analytics services AppsFlyer and Flurry -- and did not limit how the third parties could use the health data.
The app had told users that their data would only be used to help provide the app's services to them, according to the FTC.
As part of the settlement, announced Wednesday, Flo Health, the developer of the app, is prohibited from misleading users about its data-handling practices and must obtain an independent review of its privacy practices.
Flo must also "notify affected users about the disclosure of their personal information and instruct any third party that received users' health information to destroy that data," according to the FTC.
"Apps that collect, use, and share sensitive health information can provide valuable services, but consumers need to be able to trust these apps," Andrew Smith, director of the FTC's Bureau of Consumer Protection, said in a statement. "We are looking closely at whether developers of health apps are keeping their promises and handling sensitive health information responsibly."
The Flo app is used by more than 100 million consumers, according to the FTC.
In addition to period and ovulation tracking, the app also offers its users health articles and insight, tools to track babies' development and connections with other women around the world, according to its website.
The app says it has 36 million monthly active users.
In its settlement with the FTC, Flo did not admit to any wrongdoing, saying in a statement, in part, "We did not at any time share users' names, addresses, or birthdays with anyone. We do not currently, and will not, share any information about our users' health with any company unless we get their permission."
"We are glad to have reached an agreement with the FTC and resolved the matter," Flo added in its statement. "We will be conducting a compliance review into our policies and procedures as requested as part of the Consent Agreement and providing the FTC with regular updates. We are committed to ensuring that the privacy of our users' personal health data is absolutely paramount."
The FTC shared tips this week for consumers using health apps.
When using apps like Flo, the FTC recommends users compare options on privacy, make sure the app is up to date and has settings that let you control your health information and know the risks of your personal information "getting into the wrong hands."