Data Privacy in the Digital Age – What You Need to Know about That App You Just Downloaded!

KEY POINTS

  • A 2019 survey by Pew Research Center found that 79% of Americans are concerned with how companies collect and use data on consumers.
  • Another study conducted by the cybersecurity firm, RSA (2019), determined that 45% of Americans have had their personal information comprised within the last five years, due to a data breach.
  • In 2020, Security.org conducted a survey, which revealed that more than 60% of survey participants had fallen victim to some type of hack, scam, or financial information theft.

January 28, 2021 is Data Privacy Day! O’Mard Consulting Services, LLC., is a Data Privacy Day Champion. Accordingly, for the next few weeks our subsequent posts will focus on promoting awareness about the importance of respecting privacy, safeguarding data, and enabling trust. Today, we will examine Flo, a popular fertility tracking app that was recently in the news for sharing customer data with Facebook, despite their privacy policy avowal that they would never share their customers’ data.

In 2019, the Wall Street Journal (WSJ) published an article, highlighting the data-sharing activity of several popular apps. One of the apps listed in the article was Flo, a widely used fertility tracking app, which has been downloaded more than 140 million times! When using an app of this standing, a user would think that their health data would remain confidential. In fact, Flo Health, Inc affirmed that user information would always remain private. Unfortunately, this was not the case. Analysis conducted by the WSJ revealed that Flo frequently shared “in-app” activity with Facebook. This data consisted of when a user was having her period, and/or if she intended to get pregnant. The Wall Street Journal concluded that it was impossible for a Flo user to opt out of having this sensitive information shared with Facebook.

When Facebook received a user’s data from Flo, they would send the user targeted ads. Furthermore, it was noted that fertility data were subsequently shared with Google’s analytics division, Google’s Fabric service, AppsFlyer, and Flurry. To add insult to injury, Facebook originally denied that they shared users’ sensitive health data with other establishments. Flo eventually stopped disclosing customers’ data when the company’s deceptive practices were exposed by the Wall Street Journal. This despicable invasion of privacy was ultimately brought to the attention of the FTC and, on January 13th, 2021, Flo and the FTC reached a settlement.

The FTC settlement requires that Flo Health, Inc. obtain an independent privacy review and the user’s consent, before sharing their health information. The FTC also specified that “Flo is prohibited from misrepresenting the purposes for which it or entities to whom it discloses data, collect, maintain, use, or disclose the data; how much consumers can control these data uses; its compliance with any privacy, security, or compliance program; and how it collects, maintains, uses, discloses, deletes, or protects users’ personal information. In addition, Flo must notify affected users about the disclosure of their personal information and instruct any third party that received users’ health information to destroy that data.”

Some may consider the FTC’s settlement as a slap on the wrist, given that no financial penalties were levied against Flo Health, Inc. However, it is worth noting that this settlement is a win for privacy advocates, since this is the first time that a U.S. regulator has ordered notice of a privacy action! Flo is not the only app on the market that has sold customers data, despite vehemently declaring that they would never do so. In our next article, we will continue the data privacy conversation by examining ways we can protect our data. In the meantime, do not hesitate to contact us if you have additional data privacy questions, and make sure to subscribe to our newsletter to stay up to date with our latest content!

Additional Resources

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.