Fertility App Data Breach Claims

1. FTC v. Flo Health (2021) — “Flo App Data Sharing Case”

Background

Flo Health is one of the most widely used fertility and menstrual tracking apps. It promised users privacy and claimed sensitive health data would not be shared.

What went wrong

  • The app allegedly shared users’ reproductive health data with third-party analytics and marketing companies.
  • This included:
    • Menstrual cycle information
    • Pregnancy intentions
    • App usage behavior
  • Data was shared through tools like analytics SDKs, even when users were told data was private.

Legal issue

The U.S. Federal Trade Commission (FTC) alleged:

  • Deceptive privacy practices (misleading users about data protection)
  • Unauthorized sharing of sensitive health data

Outcome

  • Flo Health settled with the FTC in 2021.
  • Required to:
    • Obtain explicit user consent before sharing health data
    • Undergo third-party privacy audits
    • Implement strict data governance controls

Legal significance

This was one of the first major cases establishing that fertility and reproductive data constitute highly sensitive health data under consumer protection law, even if not formally classified as HIPAA-protected data.

2. FTC v. Easy Healthcare Corp (Premom App Case, 2023)

Background

Easy Healthcare Corporation operates the fertility app Premom, used for ovulation tracking and pregnancy planning.

What happened

  • The app allegedly shared user fertility data with third-party advertising platforms.
  • Data included:
    • Ovulation test results (very sensitive fertility indicators)
    • Pregnancy-related usage behavior
  • Users were not clearly informed that this data would be used for advertising or analytics.

Legal claims

FTC alleged:

  • Misrepresentation of privacy protections
  • Unfair collection and disclosure of sensitive health data
  • Failure to secure user consent properly

Outcome

  • Settlement in 2023 required:
    • Strong opt-in consent mechanisms
    • Prohibition on sharing fertility data without explicit permission
    • Mandatory privacy program implementation

Legal significance

This case reinforced that fertility predictions and ovulation data are treated as “sensitive health inferences”, not just general app data.

3. In re Meta Pixel Healthcare Litigation (MDL, ongoing since 2022)

Background

This is a multi-district litigation (MDL) involving hospitals, fertility clinics, and health apps that used tracking tools from Meta (Facebook) without proper consent.

What happened

  • Many healthcare websites embedded the Meta Pixel tracking tool.
  • This allegedly transmitted:
    • Appointment booking data
    • Fertility clinic visits
    • Pregnancy-related search terms
    • Treatment information (IVF, infertility consultations)

Legal claims

Plaintiffs allege:

  • Violation of privacy laws (including state privacy statutes)
  • Unauthorized disclosure of protected health information
  • Improper sharing with a third-party advertising platform

Key legal issue

Even when data is not stored in a “medical database,” courts are examining whether health-related browsing and form submissions constitute protected medical information when shared with ad tech tools.

Legal significance

  • Expands liability beyond apps into entire digital health ecosystems
  • Shows that even fertility clinic websites can become “data breach environments” via tracking pixels

4. GoodRx FTC Settlement (2023) — Health Data Misuse Context

Although not a fertility app, this case is important for reproductive health privacy because it involved medication and health condition inference.

Background

GoodRx is a digital health platform used for prescription discounts.

What happened

  • GoodRx shared user health-related data (including medication search behavior) with advertisers like Facebook and Google.
  • Data could reveal:
    • Fertility treatments
    • Hormonal medications
    • Reproductive health conditions indirectly

Legal findings

FTC concluded:

  • Users were misled about data sharing practices
  • Sensitive health data was used for advertising purposes

Outcome

  • Settlement included:
    • Ban on sharing sensitive health data for advertising
    • Mandatory privacy controls and audits

Legal significance

  • Reinforced that “inferred reproductive health status” is still protected data
  • Expanded understanding of indirect fertility-related privacy violations

5. UK ICO Action Against Health Data Tracking (Babylon Health Context, 2023)

Background

Babylon Health operated digital health services including symptom tracking and telehealth.

Issue

  • Investigations found concerns about:
    • Use of analytics tools in health apps
    • Potential leakage of sensitive health inference data
    • Lack of transparency in data processing

Regulatory findings (UK ICO approach)

  • Emphasized stricter interpretation of GDPR for health data
  • Health and fertility-related data is “special category data”

Legal significance

Strengthened the principle that even indirect reproductive health data (symptom tracking, cycle inference) must be treated as highly sensitive under data protection law.

Key Legal Principles Emerging from These Cases

Across all these cases, courts and regulators have converged on several important principles:

1. Fertility data is “highly sensitive health data”

Even if not formally medical records, it is treated like medical information due to its predictive nature.

2. Inferred data is still protected

Even if an app does not explicitly collect “pregnancy status,” it can be inferred from usage patterns and still be legally sensitive.

3. Consent must be explicit and informed

Hidden sharing via SDKs or analytics tools is not valid consent.

4. Third-party sharing = primary liability risk

Apps are responsible for how analytics and ad partners use the data.

5. Digital health ecosystems are legally interconnected

Fertility apps, clinics, and trackers are now treated as part of a single privacy chain.
