In a rare digital privacy verdict, a federal jury held in July 2025 that Meta illegally eavesdropped on millions of women who entered menstrual and pregnancy health data into the Flo Period and Ovulation Tracker app (Flo app). Meta’s violation of the California Invasion of Privacy Act (CIPA) could trigger statutory damages, when they are decided in 2026, that run into the hundreds of millions of dollars. The verdict warns the multitudes of companies that receive data from a software development kit that they may have CIPA liability. The first article in a two-part series about CIPA lawsuits examined the plaintiffs’ successful strategies to persuade the jury that Meta intentionally eavesdropped on them in Flo’s app without consent, and the dynamics of trying privacy cases before a jury, with commentary from privacy litigators at Farella, Braun & Martel, Holland & Knight, Troutman Amin and a plaintiffs’ attorney who reached a $725‑million settlement with Meta. Part two discussed the implications of Meta’s trial loss for other companies, with lessons about consent, software development kit use, AI training notice, anonymization and class action waivers, and distilled the cloudy CIPA litigation landscape, which has seen several notable but clashing pretrial decisions in 2025.