Should women be concerned that data from their period tracking apps is being used against them?

It is estimated that millions of people in the U.S. use period tracking apps to plan ahead, track ovulation time and monitor other health effects. These apps can help signal when your period is delayed.

Post Politico May 2 draft opinion The Supreme Court said, Roe v Wade, the landmark decision to guarantee the constitutional right to abortion is set to be overturned, and people turn to social media. They expressed concerns about the privacy of the information — especially for people living in states with strict restrictions on abortion — and how it might be used against them.

Recommended by many users delete now All personal data from period tracking apps.

“If you’re using an online period tracker or tracking your period from your phone, turn it off and delete your data,” campaigner and lawyer Elizabeth McLaughlin says in a viral tweet. “Now.”

Likewise, cybersecurity expert Eva Galperin, data says It may be “used to sue you” if you choose to have an abortion.

This made us wonder – are these concerns justified, and should people who use period tracking apps completely delete the data or the app from their phones? We asked the experts.

• Is your period tracking app data shared?

Privacy policies — specifically whether apps sell information to data brokers, use data for advertising, share data for research, or just keep it within apps — vary widely between companies .

“Will it encrypt? What’s its business model?” asked Lucia Savage, chief privacy and regulatory officer at digital therapeutics company Omada Health. “If you cannot find the Terms of Service or Privacy Policy, please do not use the app.”

Period-tracking apps are generally not covered by the Health Insurance Portability and Accountability Act or HIPAA, but they are if the company bills for health care services. Still, HIPAA did not prevent the company from sharing de-identified data. If the app is free — and the company is monetizing the data — then “you are the product” and HIPAA doesn’t apply, Savage said.

A 2019 study Published in the British Medical Journal It was found that 79% of health apps available through the Google Play Store regularly share user data and are “far from being transparent”.

When it comes to marketing, data on pregnant women is particularly valuable and difficult to read Barrage of Cookies and RobotsSome period tracking apps, which often ask for health information in addition to menstrual cycle details, also participate in the wider internet data economy.

“This data can be sold to third parties, such as big tech companies; or insurance companies, which can then use it to make targeted decisions, such as whether to sell you a life insurance policy, or what your premiums should be,” said Julia DeTonya researcher in health and artificial intelligence at the University of Edinburgh, Scotland.

Flo Health, headquartered in London, Settled with the FTC last year The company is accused of using its fertility-tracking app to share users’ health data with outside data-analytics firms including Facebook and Google after promising privacy.

2019, Ovia Health attract criticism Used to share data (albeit de-identified and aggregated) with employers who can buy menstrual and pregnancy tracking apps as a health benefit to their workers. Those using the employer-sponsored version must currently opt-in to this data sharing.

About 10,000 words by Ovia Privacy Policy Details how the company shares or sells de-identified health data and uses tracking technology on its free direct-to-consumer version for advertising and analytics.

For European residents, companies must comply with stricter General Data Protection Regulation, which grants ownership of data to consumers and requires consent before personal data is collected and processed. Consumers also have the right to delete their online data.

Companies may choose to extend these rights to people living in the United States through their Privacy Policy and Terms of Service. If they do, the FTC can hold the companies accountable for those commitments, said Deven McGraw, Invitae’s head of data stewardship and former deputy director of health information privacy for the Department of Health and Human Services’ Office of Civil Rights.

Cycles, the period-tracking app owned by the Swedish company Perigee, falls into this category. The company promised its users that it would not advertise or sell data to third parties. Instead, it makes money entirely from subscriptions, said spokesman Raneal Engineer.

Worried customers have been contacting Clue, another health app developed by the Berlin-based company. “We fully understand this anxiety and we want to assure you that your health data, especially any data you track in Clue about your pregnancy, miscarriage or abortion, is confidential and safe,” Clue Co-CEO Carrie Walter said the statement in an email.

some states such as California and Virginiahas state-level laws that give users ownership of their information and whether to sell it to third parties.

Data brokers trade other types of information, such as location-tracking data of people accessing Planned Parenthood, which may be purchased by law enforcement or government officials. Earlier this month, SafeGraph stopped selling cellphone tracking data that mapped the movements of people visiting Planned Parenthood, how long they stayed and where they went afterward. Vice reported buying a week’s worth of data for $160.

Also of concern is the company’s level of data security, and how sensitive it is to data breaches. “Hacking is a crime, there’s no question about it,” Savage said. “But once hacked, the information can be released.”

• Can the data be used in criminal proceedings?

The short answer is yes.

“It’s almost surreal that using a period app can get you in trouble in some states,” McGraw said. “But if abortion is a crime, it can be used when a lawsuit is brought against you.”

It depends on where you live, but from a privacy standpoint, there are no federal protections against this happening, she added.Last year, Sen. Ron Wyden (D-Ore.) introduced Fourth Amendment Prohibition of Sale Act, which would prohibit data brokers from selling personal information to law enforcement or intelligence agencies without court oversight. But the legislation has not yet been put to a vote.

Wyden told KHN he was “absolutely” concerned that abortion seekers could be implicated in their phone data.

“It’s really an ominous prospect that women are using personal data as a weapon against them,” Wyden said. “These big data agencies,” he said, “have to make a decision — whether they’re going to protect the women who do business with them. Privacy? Or will they basically sell to the highest bidder?”

In the absence of federal law, it may be difficult for companies to refuse to hand over data related to a particular case if law enforcement does receive a court-ordered subpoena.

“Given the breadth of U.S. surveillance laws, if a company collects and holds information, that information is vulnerable to coercion by law enforcement,” said Amy Stepanovich, Privacy Attorney and Vice President of U.S. Policy at the Future of Privacy Forum. “They don’t necessarily have the ability to legally prevent law enforcement from providing this information once the proper process is in place.”

Still, even in states with strict restrictions on abortion, much depends on how those laws are structured.Last month, for example, a Texas woman was charged with murder for “self-abortion” fired After district attorneys found it did not violate a state law that criminalized providers who provided abortions instead of patients.

if Roe v Wade After being knocked down, 14 states enacted so-called trigger laws that would go into effect automatically and ban abortion immediately or after a set time window (e.g., six or 15 weeks), Analysis according to KFF.

“It’s really complicated behind the scenes, but I don’t think people should blindly assume their data is safe in legal proceedings,” Savage said. That could depend on how the company handles the subpoena, she added. Some will fight them and some will not.

Take Apple as an example, it repeatedly resist Unlock iPhones for law enforcement in high-profile cases such as the 2015 San Bernardino shooting. Data in Apple’s Health app, including its period tracker, is “encrypted and inaccessible by default.” Company Privacy Policy. All health data in the app is kept on one’s phone, not on a server. But at the same time, Savage said, people in low-income neighborhoods don’t always have an iPhone because it’s an expensive device.

Ovia’s privacy policy says the company may provide data to law enforcement if required by law or subpoena. However, the company said in a statement that it “has never provided Ovia user data to any government, and we have never received a request from any government to access Ovia user data.” There is also an option in Ovia’s account settings Account data can be deleted “completely and permanently”.

Period trackers based in Europe can still be subpoenaed despite safeguards under the GDRP, says Li Tiana senior attorney at the Electronic Frontier Foundation.

“even [European Union] Companies are subject to U.S. legal processes, although it takes longer,” Tien said. “The U.S. has mutual legal treaties with other countries, including EU countries, and law enforcement knows how to exchange information. “

• Has it been used by a public official or law enforcement before?

Officials with anti-abortion views have used menstrual tracking information in the past. In 2019, former Missouri Surgeon General Dr. Randall Williams received Spreadsheets Track the menstrual periods of women who visit Planned Parenthood to identify patients who have experienced miscarriages but have not been able to terminate their pregnancies.

Former refugee resettlement chief and anti-abortion activist Scott Lloyd admits during Trump administration Tracking the Menstrual Cycle of Teen Immigrants to prevent them from having abortions.

“We’re thinking about period trackers now, just like we’ve been thinking about facial recognition software for years,” Savage said.

• Should you delete your period tracking app?

Experts say period-tracking apps are unlikely to be the only evidence of use if a lawsuit is filed against you for seeking an abortion.

“Frankly, I think if law enforcement or civil investigators are trying to find out who is having an abortion, there are probably several other venues that are more realistic or immediately useful,” Stepanovich said. “They might get information dumps of relevant data, like trying to get the location information of everyone who dropped off near an abortion center, which is a much smaller dataset, or getting people calling abortion hotlines at certain times. “

Stepanovich added that whenever someone uses a smartphone with any type of app, it is possible to obtain data and use it as part of criminal or civil proceedings. Bottom line: The only way to completely avoid the risk is to not use a smartphone.

But McGraw took a more cautious approach: “If I lived in a state where I thought the data might end up in the hands of law enforcement, I wouldn’t track [my period] Absolutely not. “

Ultimately, people using period tracking apps should be aware of the risks of using the technology while considering the benefits it brings to their lives.

“You have to think about what you need in terms of period tracking,” Tien said. “You have to weigh and ask yourself, ‘Does this convenience really matter to me?'”

Leave a Reply

Your email address will not be published. Required fields are marked *