Only 1 of 25 apps that track reproductive health protect user data: report – The Hill
The story at a glance
- The Mozilla Foundation analyzed 25 popular reproductive health apps for their privacy and security policies.
- Mozilla found that there is no clear position on how data is shared with law enforcement.
Millions of Americans use mobile apps to track their menstrual cycle, sexual activity and ovulation windows and not all of that data is always protected, new analysis finds most reproductive health apps have weak protection of privacy.
The Mozilla Foundation, founder of the Firefox web browser, investigated 25 reproductive health apps and portable devices, including Flo, Glow, Ovia, Period Tracker Period Calendar and My Calendar Period Tracker, for their privacy and security practices.
Mozilla has found that many of these reproductive health apps collect large amounts of personal data from users, ranging from phone numbers, emails, home addresses, menstrual cycle dates, sexual activity, doctor’s appointments, pregnancy symptoms and more.
Mozilla has found that most apps typically share user data for marketing purposes, so users will receive targeted advertisements. However, when it came to sharing data with law enforcement, the guidelines for most apps were vague.
Notably, Mozilla found that when it came to sharing data with law enforcement, My Calendar Period Tracker only said, “we use the information collected through the app to…comply with any court order. court, law or legal process”.
Ashley Boyd, vice president of advocacy at Mozilla, explained that due to the current state of abortion access in the United States, “apps and devices overnight that millions of people trust have the potential to be used to prosecute people seeking abortions”.
Boyd advised users to think twice before using most reproductive health apps, as many are “riddled with loopholes and fail to properly secure intimate data”.
There was one app that rose to the top, which is Euki. The app does not collect any personal information about users and any information users choose to enter into the app regarding their sexual or reproductive health is stored locally on the user’s device. This means users have full control of their data at all times.
Other period-tracking apps, like Flo and Clue, have made statements reaffirming that they don’t share users’ personal data. However, Flo was investigated by the Federal Trade Commission (FTC) last year for sharing users’ fertility data with third parties, including Facebook and Google, despite users promising that this would not be the case.
The FTC eventually asked Flo to require user consent before sharing personal health data with others and to have an independent review of its privacy practices.
In conclusion, Mozilla found that there is no clear position on how data is shared with law enforcement, with most apps relying on vague boilerplate statements that do not do not include clear guidelines on when and how much user data can be shared with US law enforcement.
This is particularly worrisome in the current political climate here in the United States, as an increasing number of states have passed laws banning or severely restricting abortion. Many privacy advocates have warned that law enforcement or anti-abortion groups could seek user data from reproductive health apps in order to enforce these bans.
Adding to the risk, the United States currently has no federal privacy law that governs the collection and sale of user data between private sector companies. There is an ongoing effort to change this, with introduced legislation last year, it would close the legal loophole that allows data brokers to sell Americans’ personal data to law enforcement and intelligence agencies without any judicial oversight.
The bill has not yet been taken up by Congress.
Posted on August 17, 2022