Do period tracking apps need better data leak-protection?

Flinders University law experts are raising questions about the privacy of personal health data collected by period tracking apps and other ‘FemTech’ products and ways this data could be used by third parties.

In an article published in the Law Society of South Australia Journal, Professor Tania Leiman and Lydia Chia say the sensitive data collected by menstrual or ovulation tracking apps could be seen as valuable by employers, health insurers and the legal system.

They say app terms and conditions and privacy policies provide varying levels of data and privacy protection, which users may not understand.

Leiman tells Cosmos her interest in the privacy implications of menstrual tracking apps was piqued when her social media “erupted” the day after the US Supreme Court overturned Roe vs Wade.

She says many users deleted their ovulation apps in the wake of that decision, fearful of how the data might be used.

Those events in the US provide an opportunity to raise broader questions about the kinds of health and biometric data being collected via these apps, and for users and regulators to consider ways the data could be used to exert control or coercion over female bodies.

“When we start thinking about our Fitbits, our Garmins, our ovulation apps, all of those things […] it’s leaving a trail that really is hugely intrusive into the way our bodies work,” Leiman says.

She says it’s important for people to start asking questions about what happens with the data and whether there are legal frameworks that might protect people or prevent certain uses of that data.

“Sometimes it’s really helpful to think about the extreme cases, because they make us stop and think, ‘okay, I’m generating this data set about myself. I’m not entirely sure where it’s going, do I need to think more carefully about it? Because I am aware that in other places on this planet, this might have implications that I wouldn’t be comfortable with,” Leiman says.

The apps are one example of a digital technology which can at first appear helpful and useful but pose risks in terms of how data could be shared and used for other purposes, and even monetised.

For example, Leiman says, beauty company L’Oréal has an arrangement with one of the major period and ovulation apps to obtain data about skin changes during hormonal cycles.

She’s aware of apps which are specifically designed for students, for people as young as 13, and obstetricians and gynaecologists who recommend their patients use the apps as a matter of course.

The apps are often convenient and informative, allowing young women to find out a whole lot of information in the privacy of their own home. But they do come with privacy and data security risks.

“If we’re going to make a bargain of convenience, do we understand the bargain we are making,” says Leiman.

Other researchers are flagging similar concerns about FemTech. 

Dr Katherine Kemp from the University of New South Wales analysed the privacy policies of twelve popular fertility apps used by Australian consumers.

Her analysis shows apps collected a range of detailed and intimate data from users including pregnancy test results, sexual activity, period cycles, information about moods and other health conditions. 

Kemp’s research reveals serious privacy flaws in fertility apps used by Australian consumers. They often had confusing or misleading privacy messages, lacked choice in how data is used, retained data for years after a consumer stopped using an app and failed to adequately de-identify data shared with other organisations. 

Almost three quarters of women surveyed for a 2015 paper published in Women and Birth had used a pregnancy app.