Following the Supreme Court’s decision to overturn Roe v. Wade on Friday, privacy experts are growing concerned over how data acquired from period-tracking apps, among other applications, could be used to penalise anybody seeking or considering an abortion.
Millions of women use apps to help them keep track of their menstrual cycles. Flo claims to be the most popular period and cycle monitoring app, with 43 million active users. Clue, another app, boasts 12 million monthly active users.
These apps store personal health data, which is among the most intimate pieces of data a person can disclose. It can also be instructive. The apps may display when their menstruation begins and ends, as well as when pregnancy begins and ends.
Privacy experts are concerned because this information, whether subpoenaed or sold to a third party, could be used to infer that someone has had or is considering having an abortion.
“We’re very concerned in a lot of advocacy spaces about what happens when private corporations or the government can gain access to deeply sensitive data about people’s lives and activities,” Lydia X. Z. Brown, a policy counsel with the Center for Democracy and Technology’s Privacy and Data Project, agrees. “Especially when that data could put people in vulnerable and marginalized communities at risk for actual harm.”
It’s now a reality.
However, several states have already expressed a desire to go further. Two days after Politico first reported the leaked Supreme Court opinion, Louisiana senators introduced legislation that would categorise abortion as homicide.
Following the Supreme Court’s decision to overturn Roe v. Wade, Missouri prohibited practically all abortions.
It’s more than simply calendar apps
According to Evan Greer, director of the digital rights advocacy group Fight for the Future, period apps aren’t the only avenue for technology to connect people to abortions. She claims that if someone is sitting in the waiting area of an abortion clinic and playing a game on their phone, the app may be collecting location data.
“Any app that is collecting sensitive information about your health or your body should be given an additional level of scrutiny,” Greer claims.
Brown believes that search history can potentially be used to identify people. Activist groups, regardless of their cause, may try to obtain a dataset that shows where people have searched for abortion-related material.
According to Brown, that information might be used for predatory marketing, but it could also provide a method for private persons to report another person for obtaining an abortion. This might be especially dangerous in Texas, considering the state’s contentious new abortion law, SB 8.
The legislation prohibits abortion as soon as heart activity is detected, which is usually around six weeks. It also gives private persons the authority to enforce the prohibition by paying at least $10,000 to anyone who successfully sues an abortion practitioner.
“Anybody could get their hands on this data by simply purchasing it from a company that is already collecting it,” Brown states.
Sharing data from apps isn’t new
It’s fairly uncommon for apps to work with law authorities during criminal investigations, especially when it comes to child exploitation material. Experts argue that if abortion is criminalised, period-tracking data might become a target for investigators.
All of this makes an app’s privacy policies extremely crucial, yet when it comes to privacy, these policies, according to Andrea Ford, a research fellow at the University of Edinburgh, can be imprecise and in flux.
“It becomes really muddy when you get into abortion,” Ford states. “If that [were to become] illegal in certain places, does that transcend the right to privacy that is written into the contracts in the way that child trafficking would?”
The Flo app has already been chastised for data sharing.
The Federal Trade Commission struck a deal with the popular fertility and period-tracking app last year after claims that it deceived users about the publication of their personal health data. The settlement followed a Wall Street Journal investigation in 2019 that discovered the app told Facebook when a user was getting their period or if they assured the app that they sought to become pregnant.
According to the terms of the settlement, Flo must conduct an independent assessment of its privacy policies and seek user authorization before disclosing sensitive health information. As part of the deal, Flo did not admit to any wrongdoing.
The company said in a statement to NPR that it “firmly believes women’s health data should be held with the utmost privacy and care at all times, which is why we do not share health data with any third party.”
An external, independent privacy audit done in March “confirmed there are no gaps or weaknesses in our privacy practices,” according to the corporation.
Could repealing Roe v. Wade have consequences other than abortion?
Clue, a period tracking app, previously told NPR publication that “any data you track in Clue about pregnancies, pregnancy loss or abortion, is kept private and safe.” As a European corporation, the company stated that it is required by European legislation to provide “special protections” to reproductive health data.
Clue stated their commitment to protecting consumers’ reproductive health data just before the Supreme Court overturned Roe v. Wade.
“It is important to understand that European law protects our community’s sensitive health data,” Clue said in a press statement Thursday.
Clue referred to the EU’s data privacy law, the General Data Protection Regulation.
“Our business model is direct to consumer subscriptions — our users are our customers, nobody else is,” the company stated.
Despite such assurances, Jason Hong, a professor at Carnegie Mellon University’s School of Computer Science, warns that the data a user enters into a period-tracking app may be transmitted well beyond the phone or app in question.
“It’s really hard to understand how your data is being used and where it’s being shared because it could be many many third parties, and those third parties can also resell to other third parties,” Hong explains. “Your data could actually be all over the network at this point. And it’s really hard to track what’s going on.”
Should users uninstall these apps?
For individuals who are unsure about their period-tracking app, Ford believes there is a risk vs. convenience assessment that is unique to each user. It is heavily influenced by where you reside and the regulations in place.
“If I lived in a state where abortion was actively being criminalized, I would not use a period tracker — that’s for sure,” she reveals.
However, for individuals who like to log their data online, there may be some less dangerous solutions. According to Ford, apps designed using a nonprofit model may provide more privacy.
According to Hong, premium applications may be better because they are less likely to follow users because they do not need to collect advertising data. Hong also recommended customers study Apple’s privacy nutrition labels, which are intended to educate users in layman’s terms on how their data is utilised.
Apps that save data locally are also preferable, according to Greer, because data stored locally belongs to the user, not the corporation.
If authorities want to access data kept on a user’s device, they’ll require a warrant, which has a “much higher legal bar” than a subpoena, according to Greer. However, if the data is in the cloud and held by a company, a subpoena would be required to gain access to it.
According to Ford, the most secure solution may be the most traditional: charting your cycle on paper.