Meta violated privacy law, jury says in menstrual data fight

https://www.courthousenews.com/meta-violated-privacy-law-jury-says-in-menstrual-data-fight/

59•danso•7h ago

Comments

changoplatanero•6h ago

I wish the article explained more about what Flo's culpability in this whole thing was. Pretty clearly they violated meta's terms of not sending health info. Was meta's problem that they didn't do enough to screen the data that developers were trying to send them?

worik•6h ago

As I read it: Meta's culpability was using the menstrual status people reported into the app for advertising

    "Meta intentionally used SDKs to record women’s communications through 12 “custom app events” with names like “R_SELECT_LAST_PERIOD_DATE” and “R_SELECT_CYCLE_LENGTH.” They claimed Meta received event data for each survey question users filled out and used the data for advertising."

changoplatanero•6h ago

The article doesn't say clearly if it was a decision made by someone at meta or if it's just be default meta used all the information sent to it by app developers for advertising. I feel like each of those two scenarios would lead to different levels of culpability.

gruez•5h ago

>"Meta intentionally used SDKs to record women’s communications through 12 “custom app events” with names like “R_SELECT_LAST_PERIOD_DATE” and “R_SELECT_CYCLE_LENGTH.” They claimed Meta received event data for each survey question users filled out and used the data for advertising."

The "intentionally" wording seems like a stretch. The same article also says

>Facebook prohibited Flo from sending any health data, she said, and required Flo to provide notice, obtain consent, and allow users to opt out of any data sharing. She claimed the plaintiffs intentionally omitted efforts by Facebook to mitigate the risk of sensitive data being shared.

It sounds like what happened was that Flo used facebook's SDK to send events, and facebook wasn't involved aside from providing such an SDK/backend service. If so, I think the jury reached the wrong decision here. Why should it be up to facebook to police what SDK events app developers send to it? Should Firebase be liable for privacy violations if it "intentionally" used SDKs to record women's drivers license photos[1], and then allow them to be downloaded by anyone?

[1] https://en.wikipedia.org/wiki/Tea_(app)#Data_leaks

jlarocco•4h ago

> and facebook wasn't involved aside from providing such an SDK/backend service.

I don't think that's the case. If Facebook used the data for advertising, they should have checked that it was legal to do so.

I would agree with you if they only provided the backend service. But once they started using the data themselves, they should have checked.

mook•4h ago

I feel like if Facebook parsed the names then it might be reasonable to hold them liable; them using it unintentionally would be treating them as opaque blobs. But that wouldn't be useful for advertising.

Since I couldn't find it in the article, I believe the relevant docket is Frasco v. Flo Health, Inc., 3:21-cv-00757, (N.D. Cal.) — don't have PACER access but it seems like https://www.courtlistener.com/docket/55370837/frasco-v-flo-h... has some info (see for example 744, final instructions for jury).

miohtama•2h ago

But custom app events are just database entries created someone not Meta?

adfm•6h ago

I’m not a lawyer, but I’m curious about how such situations like this are handled legally. Seems that personal data should be handled as if it’s your own (golden rule) and that allowing others to access it without consent is akin to sharing a secret. Such a secret, in my opinion, constitutes a form of intellectual property and therefore facilitating unauthorized access would be akin to larceny. Does this make sense? Please feel free to enlighten ne otherwise.

gruez•6h ago

What's preventing companies from forcing you to give them rights over such "secrets" as a condition of using the app? Companies already do this all the time, by forcing you to give them a non-exclusive, worldwide, irrevocable, royalty free license to whatever content you upload to their service.

cryptodan•3h ago

It was a true blood bath.

MathMonkeyMan•1h ago

I read the article and I feel like I don't understand what was being contested. One lawyer says "yes thing" and the other says "no thing."

What, precisely, is thing? I'm not a lawyer.

Anyway, yeah we know when women are menstruating now so let's cash out. What was the issue, though? Is the idea "I use this to track my own schedule, not to be sold out to strangers"?

Because, I'm sorry, but whether it's menstruation, palpation, or childbirth, if you put it in an app then the whole point was to sell you out.

Good that class action is questioning this, but I wonder how much is law and how much is posturing feels.

Robotic Manipulation of a Rotating Chain with Bottom End Fixed

Show HN: LatentSync–Precise AI Video Lip Synchronization

Coherent and Incoherent Light Scattering by Single-Atom Wave Packets

Local-First Search

Terence Tao explains what's going on

Show HN: N0vaTools – A cool toolkit with many features

Show HN: MagicQuill – Edit Images with AI Brushes

GOG hit back at censorship by making notable NSFW games free-to-own for few days

Microsoft is open sourcing Windows 11's UI framework

Collections: Life, Work, Death and the Peasant, Part IIIa: Family Formation

Ask HN: How to visualize all human thought

Enough of billionaire's big tech. 'Frugal tech' will build us all a better world

GitHub-Formalizing the Strong Goldbach Conjecture for AI(HOL,Standard Semantics)

Symbol-Level Editing

WinUI OSS Update: Phased Rollout Toward Open Collaboration

How to make people give a damn

Termagotchi – A terminal-based Tamagotchi simulation written in Go

Unleashing potential energy in my EV

Show HN: Valitron – I built an AI that interviews and ranks job applicants

Meejah/shwim: Peer-to-peer terminal sharing

You're probably not learning with AI

Thinking in Crypto Security for Cyberpunk Individuals

China claims Nvidia built backdoor into H20 chip

Persona vectors: Monitoring and controlling character traits in language models

Primesweeper

C3 Programming Language 0.7.4 Release

Tesla loses Autopilot wrongful death case in $329M verdict

The Quintessential Urban Design of 'Sesame Street'

Way-secure: A helper to create Wayland security contexts via security_context_v1

Retrieval Embedding Benchmark (RTEB)