- Advertisement -

Should You Worry About Data From Your Period-Tracking App Being Used Against You?

It’s estimated that thousands and thousands of individuals within the U.S. use period-tracking apps to plan forward, observe when they’re ovulating, and monitor different well being results. The apps will help sign when a interval is late.

After Politico printed on May 2 a draft opinion from the Supreme Court indicating that Roe v. Wade, the regulation that ensures the constitutional proper to an abortion, can be overturned, individuals turned to social media. They had been expressing considerations in regards to the privateness of this data — particularly for individuals who reside in states with strict limits on abortion — and the way it is likely to be used in opposition to them.

Many customers beneficial instantly deleting all private information from period-tracking apps.

“If you are using an online period tracker or tracking your cycles through your phone, get off it and delete your data,” activist and legal professional Elizabeth McLaughlin mentioned in a viral tweet. “Now.”

Similarly, Eva Galperin, a cybersecurity knowledgeable, mentioned the information may “be used to prosecute you if you ever choose to have an abortion.”

That bought us questioning — are these considerations warranted, and will individuals who use period-tracking apps delete the information or the app fully from their telephones? We requested the specialists.

Is Your Period-Tracking App Data Shared?

Privacy insurance policies — particularly, whether or not the apps promote data to information brokers, use the information for promoting, share it for analysis, or hold it solely throughout the app — fluctuate considerably amongst firms.

“Does it encrypt? What’s its business model?” mentioned Lucia Savage, chief privateness and regulatory officer for Omada Health, a digital therapeutics firm. “If you can’t find terms of service or a privacy policy, don’t use that app.”

Period-tracking apps are sometimes not lined below the Health Insurance Portability and Accountability Act, or HIPAA, although if the corporate is billing for well being care providers, it may be. Still, HIPAA doesn’t stop the corporate from sharing de-identified information. If the app is free — and the corporate is monetizing the information — then “you are the product” and HIPAA doesn’t apply, Savage mentioned.

A 2019 research printed within the BMJ discovered that 79% of well being apps out there by way of the Google Play retailer frequently shared consumer information and had been “far from transparent.”

When it involves advertising and marketing, a pregnant particular person’s information is especially of excessive worth and could be laborious to cover from the barrage of cookies and bots. Some period-tracking apps, which regularly ask for well being data in addition to menstrual cycle particulars, participate within the broader web information financial system, too.

“The data can be sold to third parties, such as big tech companies; or to insurance companies, where it could then be used to make targeting decisions, such as whether to sell you a life insurance policy, or how much your premium should be,” mentioned Giulia De Togni, a well being and synthetic intelligence researcher on the University of Edinburgh in Scotland.

Flo Health, headquartered in London, settled with the Federal Trade Commission final yr over allegations that the corporate, after guarantees of privateness, shared well being information of customers utilizing its fertility-tracking app with outdoors information analytics firms, together with Facebook and Google.

In 2019, Ovia Health drew criticism for sharing information — although de-identified and aggregated — with employers, who may buy the period- and pregnancy-tracking app as a well being profit for his or her staff. People utilizing the employer-sponsored model should at the moment choose in for this sort of data-sharing.

Ovia’s roughly 10,000-word privateness coverage particulars how the corporate could share or promote de-identified well being information and makes use of monitoring applied sciences for ads and analytics on its free, direct-to-consumer model.

For European residents, firms should adjust to the stricter General Data Protection Regulation, which provides possession of information to the patron and requires consent earlier than gathering and processing private information. Consumers even have the best to have their on-line information erased.

Companies have the choice of extending these rights to individuals dwelling within the U.S. by way of their privateness insurance policies and phrases of providers. If they achieve this, the FTC can then maintain the businesses accountable for these commitments, mentioned Deven McGraw, Invitae’s head of information stewardship and the previous deputy director for well being data privateness on the Department of Health and Human Services Office for Civil Rights.

The period-tracking app Cycles, which is owned by Swedish firm Perigee, falls into this class. The firm guarantees its customers that it doesn’t do any promoting or promoting of information to 3rd events. Instead, it makes cash solely by way of subscriptions, spokesperson Raneal Engineer mentioned.

Concerned prospects have been reaching out to a different well being app, Clue, developed by an organization based mostly in Berlin. “We completely understand this anxiety, and we want to reassure you that your health data, particularly any data you track in Clue about pregnancies, pregnancy loss or abortion, is kept private and safe,” Clue co-CEO Carrie Walter mentioned in an emailed assertion.

Some states, equivalent to California and Virginia, have state-level legal guidelines that give customers possession over their data and whether or not it’s offered to 3rd events.

Data brokers commerce in different kinds of data, equivalent to location-tracking information for individuals who visited Planned Parenthood, which probably may very well be bought by regulation enforcement or authorities officers. Earlier this month, SafeGraph halted promoting cellphone-tracking information mapping the actions of individuals visiting Planned Parenthood, how lengthy they stayed, and the place they went afterward, after Vice reported shopping for every week’s value of information for $160.

Also of concern is an organization’s degree of information safety, and the way prone it’s to a breach. “Hacking is criminal, there’s no question about it,” Savage mentioned. “But once it’s hacked, information can be released.”

Could This Data Be Used in a Criminal Prosecution?

The quick reply is sure.

“It’s almost surreal that in some states using a period app could get you into trouble,” mentioned McGraw. “But if an abortion is a crime, it could be accessed in building a case against you.”

This depends upon the place you reside, however there aren’t any federal protections in opposition to that taking place from a privateness standpoint, she added. Last yr, Sen. Ron Wyden (D-Ore.) launched the Fourth Amendment Is Not For Sale Act, which might prohibit information brokers from promoting private data to regulation enforcement or intelligence businesses with out court docket oversight. But the laws has but to make it to a vote.

Wyden advised KHN he was “absolutely” nervous in regards to the likelihood that individuals who search an abortion may very well be incriminated by their telephone information.

“It is really an ominous prospect of women having their personal data weaponized against them,” mentioned Wyden. “These big data outfits,” he mentioned, “gotta decide — are they going to protect the privacy of women who do business with them? Or are they basically going to sell out to the highest bidder?”

In the absence of a federal regulation, if regulation enforcement does get a court-ordered subpoena, it may be troublesome for an organization to withstand handing over information associated to a selected case.

“Given the breadth of surveillance laws in the U.S., if a company collects and keeps information, that information is susceptible to being compelled by law enforcement,” mentioned Amie Stepanovich, a privateness lawyer and vp of U.S. coverage on the Future of Privacy Forum. “They don’t necessarily have the ability to legally keep that information from law enforcement once the proper process has been undertaken.”

Still, even in states with strict abortion limits on the books, a lot depends upon how these legal guidelines are structured. Last month, as an example, a homicide cost in opposition to a Texas girl for a “self-induced abortion” was dismissed after the district legal professional discovered it didn’t violate state regulation, which criminalizes suppliers performing abortions, not the sufferers.

If Roe v. Wade is struck down, 14 states have so-called set off legal guidelines that might mechanically go into impact and ban abortion outright or after set home windows of time — as an example, six weeks or 15 weeks, in line with a KFF evaluation.

“It’s really complicated under the hood, but I don’t think people should blindly assume their data is safe from legal process,” Savage mentioned. It can rely on the corporate’s method to subpoenas, she added. Some will combat them whereas others won’t.

Take Apple, for instance, which repeatedly resisted unlocking iPhones for regulation enforcement in high-profile instances just like the 2015 San Bernardino capturing. Data in Apple’s well being app, which incorporates its interval tracker, is “encrypted and inaccessible by default,” in line with the corporate’s privateness coverage. All the well being information within the app is stored on an individual’s telephone, not saved on servers. But on the similar time, Savage mentioned, people who find themselves in low-income communities don’t all the time have an iPhone as a result of it’s an costly piece of kit.

Ovia’s privateness coverage says the corporate could give information to regulation enforcement if required by regulation or subpoena. The firm, nonetheless, mentioned in an announcement that it has “never provided Ovia user data to any government, nor have we ever received any government requests for access to Ovia user data.” There can also be an choice in Ovia’s account settings to delete account information “entirely and permanently.”

Despite safeguards in place below the GDRP, interval trackers based mostly in Europe can nonetheless be subpoenaed as properly, mentioned Lee Tien, a senior workers legal professional on the Electronic Frontier Foundation.

“Even [European Union] companies are subject to the U.S. legal process, though it would take longer,” mentioned Tien. “The U.S. has mutual legal treaties with other countries, including E.U. countries, and law enforcement knows how to exchange information.”

Has This Kind of Information Been Used by Public Officials or Law Enforcement Before?

Officials holding anti-abortion views have leveraged period-tracking data up to now. In 2019, former Missouri state well being director Dr. Randall Williams obtained a spreadsheet monitoring the menstrual intervals of girls who visited Planned Parenthood in an effort to establish sufferers who had skilled an abortion that didn’t terminate the being pregnant.

During the Trump administration, former refugee resettlement chief and anti-abortion activist Scott Lloyd admitted to preserving observe of the menstrual cycles of sweet sixteen migrants in an effort to cease them from getting abortions.

“We are now thinking of period trackers the way we’ve been thinking of facial recognition software for years,” Savage mentioned.

Should You Delete Your Period-Tracking App?

Experts mentioned it’s unlikely {that a} period-tracking app can be the only real piece of proof used if somebody had been constructing a case in opposition to you for in search of an abortion.

“Frankly, I think if law enforcement or a civil investigator were trying to figure out who is having an abortion, there are probably several other venues that are more realistic or more immediately useful,” mentioned Stepanovich. “They would likely get a dump of information for the relevant data,” she continued, “such as trying to get the location information of everyone that got dropped off close to an abortion center, which is a much smaller set of data, or getting people who called abortion hotlines at certain times.”

Stepanovich added that so long as somebody is utilizing a smartphone with any sort of app on it there’s a threat that information may very well be obtained and used as a part of a felony or civil prosecution. Bottom line: The solely option to keep away from threat altogether is to not use a smartphone.

But McGraw took a extra cautious method: “If I lived in a state where I thought that data might end up in the hands of law enforcement, I wouldn’t track [my period] at all.”

Ultimately, individuals who use period-tracking apps ought to concentrate on the chance of utilizing the know-how whereas contemplating the profit it brings to their life.

“You have to think about what you need in terms of period tracking,” mentioned Tien. “You have to weigh and ask yourself, ‘How much does this convenience really matter to me?’”

KHN (Kaiser Health News) is a nationwide newsroom that produces in-depth journalism about well being points. Together with Policy Analysis and Polling, KHN is among the three main working applications at KFF (Kaiser Family Foundation). KFF is an endowed nonprofit group offering data on well being points to the nation.


This story could be republished free of charge (particulars).

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

%d bloggers like this: