A California jury just handed Meta a legal loss for violating user privacy—and this time, it’s personal. The case? Period tracker apps sending deeply sensitive menstrual health data straight to Facebook, without users’ informed consent.

Meta was found to have violated the California Invasion of Privacy Act (CIPA), with the jury agreeing that Facebook knowingly intercepted confidential health data. This data came from Flo, Glow, and other menstrual-tracking apps that millions rely on. The kicker? Much of the data was funneled through embedded Facebook tracking tools like the Meta Pixel.

These weren’t just ad clicks or browsing habits—this was reproductive health info, fertility data, and cycle logs being swept up into Meta’s advertising engine.

Big Tech’s Data Grabs Are Getting More Personal

This verdict signals growing legal accountability for platforms whose business models depend on covert surveillance. While the $10,000-per-violation fine may not threaten Meta’s balance sheet, it shows juries are increasingly unwilling to accept “oops” as an excuse for invasive data practices.

California’s privacy laws—some of the strongest in the U.S.—are playing a pivotal role in defining what kinds of digital surveillance are simply off-limits.

Reclaiming Control: How Privacy Tools Push Back

The broader lesson? It’s no longer safe to assume apps—even those focused on health and wellness—keep your data private. And while lawmakers are slowly catching up, individuals can act now.

Using privacy-focused tools like the Incognito Browser for Android—which doesn’t collect user data or sell ads—helps break the cycle of silent tracking. Whether you’re browsing medical resources or just shopping online, not every click should become an advertising asset.

The Real Risk Is What You Don’t Know

Millions of users didn’t know their menstrual tracking habits were being shared. If that sounds outrageous, it is—and this case is a stark reminder that privacy isn’t a feature, it’s a fight.

Meta privacy case