Fertility App Flo Apparently Needed to Be Told Health Info Should Be Confidential
In a jaw-dropping violation of user privacy, women’s fertility app Flo shared highly personal user information with Facebook, including ovulation dates and period start dates. Even worse, this data was correlated to the user’s device ID, so ads could be personally targeted to them based on this sensitive information.
Flo Settles with FTC Over Privacy Violations
In a settlement that didn’t admit any wrongdoing, the FTC will require:
“Flo must tell users about its unauthorized sharing of data, obtain specific user permission to share such data, and have an independent party review its privacy practices.”
Flo’s tone-deaf public statement about the settlement doesn’t inspire confidence that the company learned any lessons about the importance of privacy or marketing ethics:
“Our agreement with the FTC is not an admission of any wrongdoing. Rather, it is a settlement to avoid the time and expense of litigation and enables us to decisively put this matter behind us.
“Flo did not at any time share users’ names, addresses, or birthdays with anyone. We do not currently, and will not, share any information about our users’ health with any company unless we get their permission.”
To be clear, while the company didn’t share user names, it did share user device IDs, which personally identify the user by number (if not by name). And women everywhere grimly laugh that thank goodness no one knows their birthdays – only their ovulation dates!
Fortunately, this kind of data sharing between apps and Facebook will become less frequent, as Apple took steps last year to increase user privacy.
Marketing Lesson: Make a Plan to Be Ethical
I don’t know the specific motivations behind Flo’s ethics violations (besides wanting more ad revenue, of course). But simple sloppiness can cause any business to slip into questionably ethical behavior. If one developer neglects to account for how user data is handled, or one contractor ignores security considerations, your customers could be exposed to outrageous data sharing.
Your business needs to create ethics guidelines and educate all employees, partners, contractors and vendors in these behaviors. Make respect for customers and their data part of your company culture. Not only is it ethical, but it will save you legal and PR nightmares.
Concerned about your handling of user data? Contact us to start a conversation.