California Attorney General: Fertility App Must Improve Data Privacy and Security Measures; Pay $250,000 Civil Penalty

  • California AG Xavier Becerra reached a settlement with mobile-app maker Glow, Inc. and related company Upward Labs Holdings, Inc. (collectively “Glow”) to resolve allegations that its fertility-tracking mobile app improperly and unsafely handled women’s personal and medical information in violation of the state’s Confidentiality of Medical Information Act, Unfair Competition Law, and False Advertising Law.
  • The complaint alleged that, among other things, Glow’s app failed to adequately safeguard health information, allowed access to users’ information without their consent, contained security flaws that could allowed third parties to reset user account passwords without user consent, and made misleading claims about the security of users’ data.
  • Under the terms of the proposed final judgment, among other things, Glow will pay a $250,000 civil penalty will be required to incorporate privacy and security design principles into its mobile apps, and to obtain affirmative user consent prior to sharing or disclosing sensitive information.