Case Against Health App Could Provide Guidance on Other Privacy Claims
A case about a health-tracking app that allegedly unlawfully shared sensitive health information with third parties without user consent could preview how courts will address data privacy and user consent issues, Fisher Phillips lawyers said in a blog post Friday. Case 21-00757, Frasco v. Flo Health, Inc., alleges that the reproductive tracker app Flo transmitted personal information without user consent to third parties for commercial purposes, in violation of several California laws.
"The court’s decision in the Frasco v. Flo Health, Inc. has significant implications for businesses, technology and app development sectors, and those that rely on user data for both software development and revenue generation," said the bloggers.
The case recently received class certification. The U.S. District Court for Northern California certified class status for claims brought under the California Confidentiality of Medical Information Act (CMIA), the California Invasion of Privacy Act (CIPA) and for breach of contract, according to the blog.
One of the reasons the court granted certification is that it found Flo's class action waiver included in its Terms of Service to be unenforceable, said the lawyers. "The court found it particularly problematic that the arbitration and class action waiver was 'buried in a manner that made it likely a user’s attention was not drawn to it,'" they said. "This finding underscores some courts’ skepticism of clauses buried in Terms of Service, even if consumers 'check the box' that they’ve read and understood those terms."
Additionally, the court ruled that anonymization of the information did not mean the plaintiffs and class action members lacked standing. "The court emphasized that the legal injury occurred at the point of data interception without consent, regardless of whether the data was later anonymized," said the Fisher bloggers. "This court instead held that this type of unauthorized data collection constitutes a concrete injury, regardless of whether it is anonymized."
The blog also said "user’s expectations about privacy can be set -- or at least molded -- by the disclosures and representations made to them" in privacy policies and/or terms of service, as it was a reoccurring issue in all the claims.