I wish the article explained more about what Flo's culpability in this whole thing was. Pretty clearly they violated meta's terms of not sending health info. Was meta's problem that they didn't do enough to screen the data that developers were trying to send them?
As I read it: Meta's culpability was using the menstrual status people reported into the app for advertising
"Meta intentionally used SDKs to record women’s communications through 12 “custom app events” with names like “R_SELECT_LAST_PERIOD_DATE” and “R_SELECT_CYCLE_LENGTH.” They claimed Meta received event data for each survey question users filled out and used the data for advertising."
>"Meta intentionally used SDKs to record women’s communications through 12 “custom app events” with names like “R_SELECT_LAST_PERIOD_DATE” and “R_SELECT_CYCLE_LENGTH.” They claimed Meta received event data for each survey question users filled out and used the data for advertising."
The "intentionally" wording seems like a stretch. The same article also says
>Facebook prohibited Flo from sending any health data, she said, and required Flo to provide notice, obtain consent, and allow users to opt out of any data sharing. She claimed the plaintiffs intentionally omitted efforts by Facebook to mitigate the risk of sensitive data being shared.
It sounds like what happened was that Flo used facebook's SDK to send events, and facebook wasn't involved aside from providing such an SDK/backend service. If so, I think the jury reached the wrong decision here. Why should it be up to facebook to police what SDK events app developers send to it? Should Firebase be liable for privacy violations if it "intentionally" used SDKs to record women's drivers license photos[1], and then allow them to be downloaded by anyone?
I feel like if Facebook parsed the names then it might be reasonable to hold them liable; them using it unintentionally would be treating them as opaque blobs. But that wouldn't be useful for advertising.
Since I couldn't find it in the article, I believe the relevant docket is Frasco v. Flo Health, Inc., 3:21-cv-00757, (N.D. Cal.) — don't have PACER access but it seems like https://www.courtlistener.com/docket/55370837/frasco-v-flo-h... has some info (see for example 744, final instructions for jury).
The article doesn't say clearly if it was a decision made by someone at meta or if it's just be default meta used all the information sent to it by app developers for advertising. I feel like each of those two scenarios would lead to different levels of culpability.
I’m not a lawyer, but I’m curious about how such situations like this are handled legally. Seems that personal data should be handled as if it’s your own (golden rule) and that allowing others to access it without consent is akin to sharing a secret. Such a secret, in my opinion, constitutes a form of intellectual property and therefore facilitating unauthorized access would be akin to larceny. Does this make sense? Please feel free to enlighten ne otherwise.
What's preventing companies from forcing you to give them rights over such "secrets" as a condition of using the app? Companies already do this all the time, by forcing you to give them a non-exclusive, worldwide, irrevocable, royalty free license to whatever content you upload to their service.
I read the article and I feel like I don't understand what was being contested. One lawyer says "yes thing" and the other says "no thing."
What, precisely, is thing? I'm not a lawyer.
Anyway, yeah we know when women are menstruating now so let's cash out. What was the issue, though? Is the idea "I use this to track my own schedule, not to be sold out to strangers"?
Because, I'm sorry, but whether it's menstruation, palpation, or childbirth, if you put it in an app then the whole point was to sell you out.
Good that class action is questioning this, but I wonder how much is law and how much is posturing feels.
I wish the article explained more about what Flo's culpability in this whole thing was. Pretty clearly they violated meta's terms of not sending health info. Was meta's problem that they didn't do enough to screen the data that developers were trying to send them?
As I read it: Meta's culpability was using the menstrual status people reported into the app for advertising
>"Meta intentionally used SDKs to record women’s communications through 12 “custom app events” with names like “R_SELECT_LAST_PERIOD_DATE” and “R_SELECT_CYCLE_LENGTH.” They claimed Meta received event data for each survey question users filled out and used the data for advertising."
The "intentionally" wording seems like a stretch. The same article also says
>Facebook prohibited Flo from sending any health data, she said, and required Flo to provide notice, obtain consent, and allow users to opt out of any data sharing. She claimed the plaintiffs intentionally omitted efforts by Facebook to mitigate the risk of sensitive data being shared.
It sounds like what happened was that Flo used facebook's SDK to send events, and facebook wasn't involved aside from providing such an SDK/backend service. If so, I think the jury reached the wrong decision here. Why should it be up to facebook to police what SDK events app developers send to it? Should Firebase be liable for privacy violations if it "intentionally" used SDKs to record women's drivers license photos[1], and then allow them to be downloaded by anyone?
[1] https://en.wikipedia.org/wiki/Tea_(app)#Data_leaks
> and facebook wasn't involved aside from providing such an SDK/backend service.
I don't think that's the case. If Facebook used the data for advertising, they should have checked that it was legal to do so.
I would agree with you if they only provided the backend service. But once they started using the data themselves, they should have checked.
I feel like if Facebook parsed the names then it might be reasonable to hold them liable; them using it unintentionally would be treating them as opaque blobs. But that wouldn't be useful for advertising.
Since I couldn't find it in the article, I believe the relevant docket is Frasco v. Flo Health, Inc., 3:21-cv-00757, (N.D. Cal.) — don't have PACER access but it seems like https://www.courtlistener.com/docket/55370837/frasco-v-flo-h... has some info (see for example 744, final instructions for jury).
The article doesn't say clearly if it was a decision made by someone at meta or if it's just be default meta used all the information sent to it by app developers for advertising. I feel like each of those two scenarios would lead to different levels of culpability.
But custom app events are just database entries created someone not Meta?
I’m not a lawyer, but I’m curious about how such situations like this are handled legally. Seems that personal data should be handled as if it’s your own (golden rule) and that allowing others to access it without consent is akin to sharing a secret. Such a secret, in my opinion, constitutes a form of intellectual property and therefore facilitating unauthorized access would be akin to larceny. Does this make sense? Please feel free to enlighten ne otherwise.
What's preventing companies from forcing you to give them rights over such "secrets" as a condition of using the app? Companies already do this all the time, by forcing you to give them a non-exclusive, worldwide, irrevocable, royalty free license to whatever content you upload to their service.
I read the article and I feel like I don't understand what was being contested. One lawyer says "yes thing" and the other says "no thing."
What, precisely, is thing? I'm not a lawyer.
Anyway, yeah we know when women are menstruating now so let's cash out. What was the issue, though? Is the idea "I use this to track my own schedule, not to be sold out to strangers"?
Because, I'm sorry, but whether it's menstruation, palpation, or childbirth, if you put it in an app then the whole point was to sell you out.
Good that class action is questioning this, but I wonder how much is law and how much is posturing feels.
[flagged]
[dead]
[flagged]