A jury has unanimously found Meta guilty of violating the California Invasion of Privacy Act by using data from menstruation and fertility app Flo to sell advertising to the social network.

“This is a landmark moment in the effort to safeguard digital privacy rights,” said Michael Canty, lead trial attorney at Labaton Keller Sucharow LLP, representing the plaintiffs, in an emailed statement to The Register.

“Our clients entrusted their most sensitive information to a health app, only to have it exploited by one of the world’s most powerful tech companies. This verdict is a wake-up call to companies that view consent as a formality and transparency as optional.”

Founded in 2015, Flo Health makes an iOS and Android app that about 70 million people use each month, according to the company. It can track not only period cycles and ovulation, but also sexual activity and health issues, should the user add in that data.

However, in 2019, the Wall Street Journal reported Flo was sharing health events with Meta.