Privacy took center stage when attorney Michael Canty visited a class on cyber law offered through Duke Law and Sanford. He opened with a stark reminder of our lives online: “You are the product.” That idea framed his and colleague Danielle Mazzeo’s deep dive into Frasco v. Flo Health, the 2025 case that “found Meta had violated the state’s wiretapping law,” exposing how the company secretly collected and monetized personal health data.
The visit gave students a rare look at how digital privacy law works. Co-taught by David Hoffman and Shane Stansbury, the course blends law and policy to explore the ethics of cybersecurity. Hoffman explained that the session was designed to show students “how privacy law moves from theory to practice.”
The story behind the lawsuit was both technical and human. Canty and Mazzeo had represented a nationwide class of women who relied on Flo Health to track cycles, fertility and pregnancies. Their investigation revealed that the app had been sharing sensitive information without user consent. As Canty told the class, “The cornerstone of all these cases is consent.”
The attorneys explained their behind-the-scenes process, with Canty describing how the team built evidence that Meta’s tools were recording user data. Mazzeo explained, “We had to prove what was happening under the hood,” and translate complex code into terms a jury could understand.
The human impact made the case resonate. “These weren’t abstract privacy violations,” Canty said. He referred to clients including “a 15-year-old girl who used Flo Health to track her cycle” and “a mother trying to get pregnant.”
Integrity became Canty’s final message. He urged students to resist “a troubling culture of obstruction” in corporate practice and reminded them that “you can be an ethical, honorable lawyer and also be the best in the business.”
