Opinion: The danger of period-tracking apps in a post-Roe world

Editor’s note: Katherine Yao is a writer studying molecular biochemistry and English at Yale University. Megan Ranney, MD, MPH, is a professor of emergency medicine and academic dean at Brown University School of Public Health. The opinions expressed in this commentary are their own. Read more reviews on CNN.


The very first question posed to new users of Flo, a popular period tracker app, is: “Are you pregnant?” People who want to start using the app probably don’t think too hard before answering this question. But they should.

Katherine Yao

Megan Ranney

As we face a likely future in which Roe v. Wade will be struck down by the Supreme Court, privacy experts and lay consumers fear that this and other digital data collected by period-tracking apps could be used to prosecute women seeking or having abortions.

The “FemTech” industry – a term coined by Ida Tin, the founder of another period-tracking app called Clue – is expected to reach $60 billion worldwide by 2027, according to Emergen Research, a research firm. market research and strategy consulting.

And no wonder! Our friends tell us that digital health apps, including period tracking apps, increase knowledge, help them manage PMS symptoms, and help with fertility tracking. Our patients will often pull out their period tracker app to show us that they couldn’t be pregnant or to remind themselves of the date of their last period. These applications are simply stimulating.

But there is also a potential dark side. The simple fact that many of these apps collect and store your data in the cloud or on a server, rather than on your phone, is cause for concern.

Most of the well-known period tracking apps collect data on intimate details ranging from users’ menstrual cycles to their sex life to their medication usage. In 2020, Privacy International (PI), a nonprofit advocacy group, asked five policy-tracking apps for data that had been collected about a PI employee who had volunteered to use the apps for the project.

An application has been found to store the answers to the most intimate questions on the company’s server, such as “What type of relationship do you currently have?” Another was noted for collecting approximate location data whenever the user interacted with the app. Other independent assessments have come to similar conclusions.

This stored information is rarely under your control. Most digital health apps, including period-tracking apps, are exempt from federal health information privacy laws that govern healthcare providers. So period-tracking apps essentially have free rein over who they share your health data with — as long as they tell you about their privacy policies.

Flo explicitly states in its privacy policy that it does not sell any personal data and does not collect such data without informing its users. Depending on the app, third parties help process users’ non-medical personal data, primarily for marketing and functional purposes, and in accordance with their privacy policies, they require users to provide consent before sharing some of this data. . Some third parties provide basic services, such as web hosting and payment processing, while others are responsible for application analysis and ad targeting.

But last year, the Federal Trade Commission (FTC) reached a settlement with Flo after it discovered the company had disclosed consumer fertility data to third parties such as Facebook and Google. In doing so, the FTC alleged that Flo broke his promise that users’ health data would remain private. According to the complaint filed by the FTC, Flo did not limit how these third parties could use the data they received. Flo said in a statement that the settlement was “not an admission of wrongdoing.”

The FTC case showed us that while the role of third parties seems rather benign, the lack of federal regulations limiting the personal and health data that can be provided to them is problematic.

Equally, if not more problematic, is the possibility that data from period-tracking apps could be subpoenaed and used as evidence to prove criminal miscarriage. It’s unclear whether non-health data could be used to suggest a woman had an abortion. But the possibility that menstrual cycle data from these apps could be used in court as evidence that a woman has terminated a pregnancy is of growing concern to lawyers and users. It should be noted that if you use other apps, such as a calendar, to track your period, this data could also be affected.

Imagine that for years you had regular periods, every 28 days. Then, one month, you miss your period. Then, either because you keep missing your period or simply forget to enter your period data, you don’t enter anything for the following months – only to resume period tracking a few months later. This information could be subject to a subpoena. So who’s to say you haven’t had an abortion or miscarriage?

Eric Perakslis, scientific and digital director of the Duke Clinical Research Institute, points out that “loss of privacy in itself is not harmful… It’s when someone does something wrong with your data” that things turn wrong. “When you don’t have a comprehensive privacy law,” says Perakslis, “you at least need protection from these bad things.”

This protection, unfortunately, does not exist. And plenty of evidence from healthcare — including the field of reproductive health — suggests how easy it is to access sensitive data for the “bad stuff.”

As Halle Tecco, an investor and advocate for women’s health, points out, the existing guarantees are insufficient. “Especially as women may have less faith in the system due to a lifetime of dealing with gender stereotyping and medical gaslighting – it’s important that we protect and respect privacy,” said said Tecco.

At the political level, the federal government can and must therefore strengthen measures to protect digital health. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 were intended to provide comprehensive protection of personal health data. However, these protections are outdated and do not take into account a rapidly changing healthcare system where digital health applications play a critical and growing role. Federal safeguards must expand to cover more healthcare entities, including rule-tracking apps, and explicitly prioritize and enforce protecting the privacy of individuals instead of allowing companies to simply rely on a user consent template.

In the meantime, we, the end users, have our say.

Perakslis and Tecco recommend users of rule-tracking apps ask companies better. In the words of Perakslis: “Tell them you can do this better. Lock your apps. Make your privacy policies clear. And establish a policy that protects your users, not just your business. »

Of course, not all period tracking apps are bad. Piraye Yurttas Beim, Founder and CEO of Celmatix, a women’s health biotechnology company, reminds us that “when developed responsibly by good companies, who both engage with regulators and engage in good privacy, there is a net positive. I would hate for women who use apps developed by high-quality companies to abandon them. »

So: know what you are using. Before signing up for an app, read the privacy policies carefully, using nonprofit resources like the Electronic Frontier Foundation to inform you. Consider creating an anonymous email when signing up for the app. If possible, choose an app that stores all your data on your phone, which provides a much higher level of privacy.

And if you’re in any doubt about the privacy of your data on the app you’re using, you might consider going back to what women did 15 years ago: follow your period with paper and pencil.

Leave a Comment