Mental Health App Class Actions: Privacy Concerns and Data Sharing

Introduction

Mental health apps have surged in popularity, offering more accessible and affordable options for therapy, meditation, mood tracking, and emotional support. These digital tools have helped millions of people manage conditions like anxiety, depression, and insomnia, particularly during and after the COVID-19 pandemic when traditional mental health services were strained.

However, investigations have revealed a troubling pattern: many of these apps collect and share highly sensitive personal data with third parties, often without users' knowledge or meaningful consent. This has led to a wave of class action lawsuits alleging privacy violations, deceptive practices, and breaches of users' trust during vulnerable moments.

This article examines the growing trend of class action lawsuits against mental health apps, the privacy concerns driving this litigation, recent settlements, and how affected users can participate in these cases while better protecting their sensitive information.

Privacy Concerns with Mental Health Apps

Mental health apps raise several distinct privacy concerns that make them particularly problematic when data is mishandled:

Sensitivity of the Data

Mental health apps collect exceptionally sensitive information, including:

• Self-reported mental health conditions and symptoms
• Emotional states and mood patterns
• Therapy conversations and journal entries
• Medication usage and treatment plans
• Crisis events, such as suicidal thoughts
• Personal reflections and vulnerability disclosures

This information is far more intimate than typical consumer data and could be deeply embarrassing or harmful if exposed or misused.

Opaque Data Collection

Many apps collect data beyond what's necessary for their core functions, including:

• Location tracking
• Device information
• Social media connections
• Browsing habits
• Usage patterns and engagement metrics
• Voice recordings (for voice-activated features)

Users are often unaware of the extent of this data collection, which happens continuously in the background.

Extensive Third-Party Sharing

Investigations have revealed that many mental health apps share user data with numerous third parties, such as:

• Advertising networks
• Analytics providers
• Social media platforms
• Data brokers
• Marketing companies
• Cloud service providers

This sharing often occurs despite privacy policies suggesting data is kept confidential or secured.

Inadequate Security Measures

Some mental health apps have implemented insufficient security protections, leading to data breaches or unauthorized access. This is particularly concerning given the sensitivity of the information involved.

Misleading Privacy Claims

Many apps market themselves as "safe spaces" or emphasize confidentiality in their promotional materials while their actual data practices contradict these claims. This disconnect between marketing and reality has become a central issue in class action litigation.

Legal Obligations of Mental Health Apps

Mental health apps operate in a complex regulatory environment that includes several overlapping legal frameworks:

HIPAA Considerations

The Health Insurance Portability and Accountability Act (HIPAA) strictly regulates protected health information, but it only applies to "covered entities" (healthcare providers, health plans, and healthcare clearinghouses) and their business associates. Many mental health apps fall outside HIPAA's scope because they:

• Don't accept insurance
• Aren't offered through healthcare providers
• Position themselves as wellness tools rather than medical treatments

This regulatory gap has allowed some apps to share sensitive health information that would be protected under HIPAA if collected in traditional healthcare settings.

FTC Act

The Federal Trade Commission Act prohibits unfair or deceptive practices, which can include misrepresentations about data privacy. The FTC has increasingly focused on health app privacy, bringing enforcement actions against companies whose practices contradict their privacy promises.

State Privacy Laws

Several state laws have significant implications for mental health apps:

• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give consumers rights regarding their personal information
• Illinois' Biometric Information Privacy Act (BIPA) requires consent before collecting biometric information (which may include voice recordings used in some apps)
• The New York SHIELD Act and similar laws in other states require reasonable security measures for sensitive data

Common Law Obligations

Mental health apps may also face common law claims for:

• Breach of contract (violating their own terms of service or privacy policies)
• Intrusion upon seclusion (invading highly personal aspects of users' lives)
• Public disclosure of private facts (when sensitive information is shared inappropriately)

This complex legal landscape has created uncertainty about mental health apps' obligations, but recent class action settlements are beginning to establish clearer standards.

Major Mental Health App Class Actions

Several significant class actions have shaped the landscape of mental health app privacy litigation:

Therapy Platform Data Sharing

A major class action was filed against a popular therapy app platform after investigations revealed it was sharing users' sensitive information—including detailed questionnaire responses about mental health conditions and chat messages with therapists—with Facebook, Snapchat, and advertising companies. The lawsuit alleged this sharing violated the platform's privacy promises and users' reasonable expectations of confidentiality.

Meditation App Tracking

A widely-used meditation app faced a class action after researchers discovered it was sharing detailed usage data with third-party analytics and advertising companies, including information about when users meditated, for how long, and what emotional issues they were addressing. The lawsuit claimed these practices contradicted the app's marketing, which emphasized creating a "safe space" for mental wellbeing.

Mood Tracking Analytics

A mood and symptom tracking app designed for people with depression was hit with litigation when it was revealed that the app shared detailed emotional state information with data brokers, who could potentially use this information to target vulnerable users with advertising. The class action alleged this created risks of discrimination and manipulation.

Crisis Support Chat Monitoring

A crisis support and suicide prevention app faced a class action after users discovered their supposedly private crisis conversations were being analyzed by third-party services and used to build behavioral profiles. The lawsuit claimed these practices violated user trust during extremely vulnerable moments.

Mental Health Assessment Sharing

An app offering mental health assessments and screening tools was sued when investigators found it was sharing detailed assessment results—including information about anxiety levels, depression symptoms, and potential psychiatric conditions—with dozens of third-party marketing and analytics companies.

Recent Settlements and Outcomes

Mental health app class actions have resulted in several significant settlements:

• A $7.8 million settlement with a therapy platform that allegedly shared confidential therapy conversations and health questionnaire responses with advertising partners
• A $3.2 million settlement with a meditation app that allegedly tracked and shared users' emotional state data and meditation habits
• A $2.5 million settlement with a mood tracking app that allegedly disclosed sensitive mental health information to data analytics companies
• A $1.9 million settlement with a mental wellness app that allegedly used data from journal entries for targeted advertising purposes

These settlements typically include both monetary compensation for affected users and requirements for business practice changes, such as:

• Enhanced disclosure of data collection and sharing practices
• Implementation of stronger consent mechanisms
• Restrictions on sharing sensitive mental health information
• Improved data minimization protocols (collecting only necessary information)
• Stronger data security requirements
• Regular privacy audits by third-party experts
• Clearer explanations of business models and how data is monetized
• More transparent privacy policies written in accessible language

Beyond financial compensation, these settlements have established important precedents about the special care required when handling mental health information, even outside traditional healthcare contexts.

Industry Changes Following Litigation

Class action litigation has begun to reshape industry practices in several ways:

Privacy-Centric Business Models

Some mental health apps have shifted away from data-driven revenue models toward subscription-based approaches that reduce reliance on data monetization. This allows them to minimize third-party sharing while maintaining financial sustainability.

Standardized Privacy Disclosures

Industry associations have developed specialized privacy disclosure frameworks specifically for mental health apps, emphasizing plain language explanations of data practices and clear opt-in consent for sensitive information.

Data Minimization

Many apps have implemented stricter data minimization protocols, collecting only information directly necessary for providing their services rather than gathering extensive behavioral data.

Enhanced Security Measures

Following litigation highlighting security vulnerabilities, many mental health apps have implemented stronger protections, including:

• End-to-end encryption for therapy messages
• Secure data storage with advanced authentication
• Regular security audits and vulnerability testing
• Improved data retention and deletion practices

Ethical AI Guidelines

Several leading companies have developed ethical guidelines for using artificial intelligence in mental health applications, addressing concerns about how user data trains algorithms and how those algorithms might affect vulnerable individuals.

Despite these improvements, the mental health app industry still lacks comprehensive regulation, and privacy advocates argue that more fundamental changes are needed to adequately protect users.

How to Join a Mental Health App Class Action

If you've used mental health apps and are concerned about how your data may have been handled, you may be eligible to participate in class action litigation. Here's how the process typically works:

1. Class Notification: If a settlement is reached, companies are typically required to notify users through email, in-app notifications, or public notices
2. Eligibility Verification: Determine if you meet the class definition, which usually requires that you used the service during a specific time period
3. Claim Submission: Complete a claim form by the specified deadline, which can often be done online through a settlement website
4. Documentation: You may need to provide proof of your use of the app, though many settlements accept declarations under penalty of perjury
5. Payment Distribution: If the case results in a settlement, payments are distributed according to the settlement terms

Services like GetBack can help you identify mental health app class actions you may qualify for and navigate the claims process. This is particularly valuable given the sensitive nature of these apps and the potential reluctance of users to publicly discuss their use of mental health services.

Protecting Your Privacy When Using Mental Health Apps

While class actions provide remedies after privacy violations occur, users can take proactive steps to protect their privacy when using mental health apps:

• Research Before Downloading: Check independent privacy reviews from organizations like Mozilla's Privacy Not Included guide or the Electronic Frontier Foundation
• Read Privacy Policies: Focus particularly on sections about data sharing with third parties and whether your information is used for advertising
• Look for HIPAA Compliance: Apps that explicitly state they are HIPAA-compliant must meet higher privacy standards, though this may limit some functionality
• Check Business Model: Be wary of free apps with no clear revenue source, as they may be monetizing user data
• Limit Personal Information: Consider using a pseudonym where permitted and only provide information that's necessary for the app's core functions
• Adjust Privacy Settings: Many apps allow you to opt out of certain types of data collection or sharing in their settings
• Use App Privacy Features: Take advantage of built-in privacy features like PIN protection, biometric locks, or end-to-end encryption when available
• Regular Data Deletion: Periodically delete old data from apps, including chat histories and journal entries you no longer need
• Monitor App Permissions: Review what permissions the app has on your device (location, camera, microphone) and restrict unnecessary access

Remember that the most private option is often to work with licensed mental health providers who are bound by professional ethics and HIPAA regulations, though this may not be accessible or affordable for everyone.

Conclusion

Class action lawsuits have become an important mechanism for addressing privacy violations by mental health apps, helping to establish standards in an under-regulated space where exceptionally sensitive information is at stake. These cases not only provide compensation to affected users but also drive meaningful changes in how these apps handle personal data.

The tension between making mental health support more accessible and ensuring proper privacy protections represents a significant challenge. While technology has democratized access to mental health resources, the associated privacy risks require ongoing vigilance from both users and regulators.

If you use mental health apps, take time to understand their privacy practices, implement available protections, and stay informed about relevant class actions that may affect your rights. By being an informed consumer and supporting privacy-focused services, you can help push the industry toward practices that respect the sensitive nature of mental health information while preserving the benefits these technologies offer.