The decision by the US Supreme Court to overturn Roe v Wade and make abortion illegal in some states has been met with protests, emotional pleas and global outrage.
One of the many concerns that has emerged off the back of this monumental decision is about period tracking apps.
People in the US are worried that the data on these apps – about menstrual cycles, ovulation, missed periods and more – could be used to target people seeking an abortion.
The fears are about trust and privacy. Is our data safe with these tech companies?
Experts are warning that these tracker apps could be used to surveil pregnant people and submitted as evidence if someone should be prosecuted. This concern is clearly pertinent right now for people in the US – but should we also be worried here in the UK?
EU members have better protection for their online data because of the GDPR – and in the UK we have our own post-Brexit version of this legislation. But is this enough – or is it safer to get off the apps altogether?
Yes delete your period app. But also don’t arrange rides for people to get abortions on Facebook. Don’t google “where to get an abortion†if you live in Texas. Don’t go to a protest unmasked. The privacy violations that are coming go so much deeper than period apps.
— Doree Shafrir (@doree) June 24, 2022
EVEN IF YOU LIVE IN A STATE WHERE ABORTION IS LEGAL:
1. Take all period trackers off your phone NOW. Track in a pocket calendar & use a code phrase (“Lunch w K,” “call Mom”) or symbol (star, circle)
2. Wear a mask if you go into ANY healthcare facility for repro care. Why?
— Melissa Hillman (@bittergertrude) June 24, 2022
The fear and paranoia about how our personal data could be used is not unfounded.
Tech giants, like Google and Facebook, process personal data – from your location to your web browser searches – and use it to sell targeted advertising. Thousands of apps work in the same way, and many people are worryingly unaware of how this data is being used.
Do we have better data protection in the UK?
Members of the EU have different inbuilt protections than people who use these kinds of apps in the US. This is because of the GDPR.
The General Data Protection Regulation (GDPR) is a globally-influential data and privacy law from the European Union. The GDPR applies to mobile apps that collect and process personal data of EU citizens. It doesn’t matter if your app is operated from outside of the EU – the GDPR will still apply.
The purpose of the GDPR is to give people more control of their personal data and to improve how businesses manage personal consumer data.
So, where does that leave us post-Brexit?
When Brexit came into effect on January 1, 2021, the UK was no longer regulated by the EU General Data Protection Regulation. Currently, it does not yet have its own data protection law, but it is applying what is called the post-Brexit UK-GDPR and this will last until June 27, 2025.
How do period apps use your data?
The major concern about data on period tracking apps is that it is unencrypted. Unencrypted data is easily readable and is seen as a high security risk because it can be intercepted.
‘Cycle data is used in cleartext [meaning unencrypted] on both the app and at the server side for in-app cycle tracking, as well as in server-side prediction and analysis algorithms,’ explains Chris Stahly, director of engineering US at Promon, a Norwegian app security company.
‘This data can be decrypted by the app provider and can include information such as ovulation timing and location data.’
So, could this data about your cycle, fertility or pregnancy be used as evidence in court? Chris says this is definitely a possibility.
‘App providers do not provide guarantee of privacy of customer data from malicious end users, malware, or under subpoena from government agencies.’
Period tracking app Stardust – which combines menstruation tracking with the movements of the moon and planets – has become the first recognised app to offer end-to-end encryption for all users, after releasing a statement on TikTok on June 24.
EU members have better privacy protection because of the GDPR (Picture: Getty/iStockphoto)
What about the other period tracking apps – are they taking steps to provide additional protection for your personal data?
Flo’s website states that health data will ‘never be shared with any company but Flo, and you can delete it at any time.’ They also say that they collect personal data only when it serves a ‘specific, explicit and legitimate purpose’ – the parameters of which they say is outlined in their privacy policy.
Speaking to Metro.co.uk, a spokesperson said: ‘Flo will always stand up for the health of women, and will do everything in its power to protect the data and privacy of our users.
‘We will soon be launching a new feature called “Anonymous Mode” – an option that allows users to remove their personal identity from their Flo account. Lastly, Flo will never require a user to log an abortion or offer details that they feel should be kept private, and users can delete their data at any time.’
European company Clue released an extensive statement into their privacy policy in reaction to the Roe v Wade result.
‘Given the increasing criminalisation of abortion in the US, we understand that many of our American users are worried that their tracked data could be used against them by US prosecutors. It is important to understand that European law protects our community’s sensitive health data.’
They go on to outline the company’s privacy commitments.
They say they ‘share as little data as possible in the safest way possible,’ adding, ‘when we leverage our dataset for new insights into female health, we ensure that it is completely de-identified before the scientific researchers we work with analyse it.’
You can read their full response here.
What to do if you're worried about your period tracking app
‘It’s more important than ever that women know what sensitive information they are sharing with these apps and how it’s being used.
‘I would recommend first reviewing the app’s privacy and security practices before you download anything from the app store. Look for specific language around three things:
If and how they share data with third parties
The ability to delete your data at any point
Any mention that they encrypt your data. Encryption is a good sign that they are taking data protection seriously. Data being “securely stored” isn’t enough.
‘If you’ve already downloaded a fertility or period app and would like to stop using it altogether, review the privacy policy to find out how to delete any of your existing data from the app.
‘If that information isn’t readily available, send an email to their support or privacy alias. (Usually it’s [email protected][name of app].com.)
‘In your note, specifically request that all data collected about you be deleted and request confirmation.’
Robin Andruss, Chief Privacy Officer at Skyflow
Is it time to ditch the apps?
Taking all of this complicated information into account – is simply deleting the apps the safest thing to do?
The experts are divided on this issue. Chris at Promon says keeping track of your fertility and menstrual health is a vital tool of empowerment – and could help women to make informed decisions.
‘The answer to this problem is not to quit using all period tracking apps,’ Chris tells Metro.co.uk.
‘It is more important now than ever to keep track of period cycles to determine ovulation and make choices based on this information.
‘However, there is now a very legitimate concern around the ability for third parties to profile or target individuals based on this data. Application providers can, and should, take responsibility for the privacy of their end users.’
However, Beth Horgan, COO of online privacy specialists Kuva, believes the UK will have it worse than anywhere else.
‘Get rid of the apps but get your data off them first,’ she implores.
‘If the next step for our Government is to outlaw the Data Protection Bill, the best thing to do is take your data off the app and delete it. For women in the UK, you cannot not be a part of it. It isn’t your choice.’
Beth argues that the thing we are afraid of, the breach of our personal data, is already happening here.
‘There is a vast economy, all over Britain, of well capitalised surveillance with the express purpose of making money and our Government wants a cut. They enable legislation to make more out of it.
‘How many people truly realise what they are handing over when they hook up their FitBit to their Google phone? Google purchased FitBit to access your data and use it. We are paying them for the pleasure.’
Beth believes that we have to think even bigger about our online privacy, that focusing only on menstruation management is missing the wider point.
‘Have you accessed sanitary products, ordered supplements, ovulation tests online?’ she asks. ‘Your most intimate data is already in their hands. The only purpose of this is to make money out of you – whether you like it or not.
‘Your use of dating apps. What you spend money on. Whether or not you receive counselling. Who do you go out with and where do you go. This and so much more is all up for sale, with no advantage for you.’
How can app developers better protect their customers?
Who takes on the responsibility to keep tracking app users safe?
Are the app developers doing enough to keep their customers safe and keep their data private?
‘No,’ says Chris. ‘Privacy of this type of data is more important now than ever.
‘Data encryption and application security can be done in a manner that prevents unauthorised access to this data. This includes not only in-app cybersecurity measures such as strong cryptographic controls and measures to prevent circumvention of those controls, but also stronger federal privacy controls at the legislative level.’
Do you have a story to share?
Get in touch by emailing [email protected]
MORE : Are you experiencing summertime loneliness? Here’s how to cope
MORE : What disabled people want you to know about their sex lives: ‘There is a lot of ignorance about disabled bodies’
MORE : Protests in UK over ‘devastating’ decision to scrap Roe v Wade abortion rights
