Period apps, ovulation tracking or cycle monitoring are popular. There are hundreds of these cycle-monitoring apps for the purpose of either conceiving or avoiding pregnancy. In the wake of Roe v. Wade decision in the US concerns about abortion survellance has given rise to a debate and Americans are now deleting their period apps.
In 2021, Business Insiders called period-tracking apps “a privacy nightmare” stating that they have a track record of shaky privacy practices collecting intimate and personal health information and potentially sensitive data. Technology has long collected sensitive pregnancy-related information about consumers. In 2015, as an example, abortion opponents microtargeted ads to individuals that were entering reproductive health clinics, using so-called geofencing technology to identify smartphones in the area with messages such as “Pregnancy Help” and “You Have Choices”.
Slack Procedures in the Cycle-App Industry
Now there is a renewed attention to the slack procedures in the cycle-app industry and to the fact that there are only a few federal regulations that protect privacy. Even more so, worry has been expressed regarding potential data tracking by law enforcement. As Cooper Quintin, a senior staff technologist at digital rights group Electronic Frontier Foundation, said to The Guardian: “I’m concerned that all this data that’s already out there that’s already been collected and is just sitting in data silos is going to be used for mass prosecutions, mass arrests and do real significant harm.”
In the light of data collection practices of tech companies like Alphabet Inc’s Google, the Meta Platforms Inc and Amazon.com Inc the risk is clear, as specified by Reuters: They have the potential to incriminate abortion-seekers for state laws that many in Silicon Valley oppose. Cynthia Conti-Cook, a technology fellow at the Ford Foundation expresses concerns: “It is very likely that there’s going to be requests made to those tech companies for information related to search histories, to websites visited.”
GDPR as bulwark?
Two popular trackers are US-based Flo and German-based Clue, that are estimated to be used by 55 million Americans each month. A company like Clue writes on their website that “Your personally identifiable health data regarding pregnancies, pregnancy loss or abortion, is kept private and safe. We don’t sell it, we don’t share it for anyone else’s use, we won’t disclose it. We are governed by the world’s strictest privacy laws (the European GDPR), and we invest a lot of time and expense in making sure we comply with them”.
Health data from period trackers are regulated very differently in the US and EU. In the US, apps can sell such data more or less freely, as they are just regulated as consumer data. Only health data in the hands of doctors and insurance companies are strongly regulated. In the EU, on the other hand, health data is much stronger regulated, and therefore DataEthics.eu recommends using Clue or another European period tracker. You can even use Clue in an anonymised version. In general, you should turn off location tracking, so you don’t give away your location data. You could also use a private search engine. Get more tips on digital selfdefense.
This is very good. But despite such pledges, Jason Hong, a professor at Carnegie Mellon University’s School of Computer Science, cautions that the data a user inputs into a period-tracking app could reach far beyond the phone or the app they’re using according to the media NPR:
“It’s really hard to understand how your data is being used and where it’s being shared because it could be many many third parties, and those third parties can also resell to other third parties. Your data could actually be all over the network at this point. And it’s really hard to track what’s going on.”
Perhaps there is afterall good reason to the delete the period app…? At least if you live in a US state where abortion is illegal. But then again – the “privacy nightmare” also goes for gaming apps and many other apps.
So, where to stop, really?