Meta Platforms Inc., the parent company of Facebook and Instagram, could be on the hook for billions of dollars following a federal jury’s finding that the tech giant violated California privacy laws by intercepting sensitive user data from the popular fertility tracking app, Flo. The case marks one of the most significant privacy verdicts against a technology company to date and could reshape how courts apply decades-old privacy laws to modern digital data collection.
Jury Finds Meta Liable Under California Privacy Law
In August, a jury in San Francisco determined that Meta had unlawfully accessed and intercepted user communications from Flo without obtaining proper consent, in violation of the California Invasion of Privacy Act (CIPA). The law, enacted in 1967, prohibits the unauthorized recording or interception of private electronic communications.
The plaintiffs alleged that Meta used a piece of code — a software development kit (SDK) integrated into the Flo app — to secretly capture sensitive reproductive health data. The app, which tracks users’ menstrual cycles, ovulation periods, and fertility patterns, has millions of users worldwide, including more than 1.6 million in California during the relevant time frame.
Under CIPA, each violation carries a statutory penalty of $5,000, regardless of whether users suffered direct financial harm. Depending on how the court calculates the number of violations, Meta’s total exposure could reach as high as $8 billion for California users alone.
Judge Signals Massive Potential Damages
During a post-verdict hearing, U.S. District Judge James Donato noted that statutory damages could result in “multi-billion-dollar liability” if the jury’s findings stand. The court is currently weighing whether each unauthorized data transmission constitutes a separate violation, a factor that could dramatically increase the final damages figure.
The plaintiffs’ attorneys estimate that the California subclass includes 1.6 million users, while a broader national class could push the total number of claimants far higher. Even if the court ultimately limits the award to California residents, the resulting damages could rank among the largest ever imposed in a U.S. privacy case.
Settlements Narrow the Case Before Trial
Two of the original defendants in the lawsuit — Google and Flo Health Inc. — settled before trial. Google agreed to pay $48 million, and Flo settled for $8 million, without admitting wrongdoing. Those settlements left Meta as the sole remaining defendant at trial, where it mounted an aggressive defense asserting that it neither collected nor used Flo users’ personal data unlawfully.
Meta has announced its intent to appeal the verdict, calling the decision “legally flawed” and arguing that the SDK in question was used solely for legitimate analytics and advertising purposes. The company maintains that it did not “intentionally intercept” private communications as defined under CIPA.
Key Legal Issues on Appeal
Meta’s appeal is expected to focus on several central legal questions that could have wide-ranging implications for the technology industry:
- Definition of “Intercept” Under CIPA: Meta will likely argue that automated data transmissions between a user’s app and a third-party analytics provider do not qualify as “interceptions” under the statute.
- Intent Requirement: The company contends that it did not act “intentionally,” as required for liability, because the data collection occurred through automated processes.
- Applicability of CIPA to SDKs: Another issue is whether an SDK embedded in a third-party app constitutes an “electronic recording device” under the law.
Judge Donato previously rejected Meta’s requests for individual trials and separate damage determinations, signaling his view that class treatment was appropriate given the uniformity of the alleged conduct.
A Landmark Moment for Digital Privacy Litigation
Legal experts say the verdict underscores a growing willingness by courts and juries to hold tech companies accountable for opaque data practices. The case is also notable for applying an older wiretap statute — designed in the era of landline telephones — to modern app-based tracking technologies.
“This verdict shows that privacy laws written decades ago can still pack a punch when applied creatively to new technologies,” said a privacy law professor at the University of California, Berkeley. “The jury’s finding against Meta may encourage more class actions targeting digital surveillance in health and wellness apps.”
The outcome could also embolden regulators and lawmakers to revisit privacy frameworks governing sensitive health data, especially as fertility and reproductive apps face increasing scrutiny in the post-Dobbs legal landscape.
Meta’s Privacy History Under the Microscope
This is not Meta’s first major privacy controversy. The company previously paid $5 billion to the U.S. Federal Trade Commission in 2019 for violating a consent decree over user data. In 2024, it reached a $1.4 billion settlement with Texas regulators over its use of facial recognition technology.
If upheld, the Flo verdict could further damage Meta’s reputation and intensify calls for stronger consumer protections in digital health technologies. The case also raises the possibility that other app developers and data brokers could face similar litigation under state privacy laws.
Awaiting the Final Judgment
Judge Donato has not yet issued a final damages order, but both sides are preparing for a protracted legal battle. Meta is expected to seek post-trial relief and, if necessary, appeal to the Ninth Circuit Court of Appeals.
Even if the damages are reduced on appeal, the case represents a major shift in the legal landscape for data privacy enforcement. A final ruling in favor of the plaintiffs could reshape how technology companies approach data collection, consent, and health-related analytics in the years ahead.
🚀 Explore Legal Career Opportunities with LawCrossing
As landmark privacy cases like this redefine the boundaries of digital law, attorneys specializing in data protection, privacy litigation, and tech regulation are in high demand. Whether you’re a seasoned litigator or a compliance professional, LawCrossing connects you to thousands of legal job openings across top firms, corporations, and government agencies.
Find your next opportunity in the fast-growing world of technology and privacy law—visit LawCrossing today and take your legal career to the next level.
