In the wake of the recent news of the US Supreme Court’s decision to overturn the ruling of Roe v Wade in its ruling in Dobbs v Jackson Women’s Health Organization, headlines have been dominated by conversations around privacy and fears of how the criminalisation of abortion care and surveillance by law enforcement will play out in a tech driven world.
This discussion is increasingly important as governments move towards digitising their healthcare systems and as more individuals choose to manage their health through digital means. This is certainly the case for reproductive healthcare with the proliferation of period-tracking apps providing users insights into their menstrual cycle, as a contraceptive tool or to assist with fertility tracking. However, the extent to which companies and app developers are upholding privacy requirements and whether users’ data, whether knowingly or unknowingly, is being exploited and shared with third parties, including law enforcement, is of deep concern – especially given the current context as the criminalisation of abortion will further drive people online to covertly manage their reproductive health, including access to abortion care.
In 2019-2020, Privacy International (PI), along with our global partners, began working on exposing the consequences of the digitalisation of health on individual’s privacy. Since then, we’ve been exploring extensive data collection and data-sharing practices by period-tracking apps, as well as other ways in which digital platforms risk being exploited to restrict access to, or mislead individuals’ seeking reproductive healthcare.
Information concerning an individual’s health constitutes a key element of an individual’s right to privacy. In an increasing digital and tech driven era, the industry of collecting and using health-related data, frequently without the individual’s consent or awareness and the growing number of data breaches are of enormous concern. Against this backdrop, the UN Special Rapporteur on the Right to Privacy published a report on the protection and use of health-related data in 2019. Within this context there is increasing awareness on the sensitive nature of reproductive health data including sexual activity or sexual orientation and the need for additional safeguards and protections.
In this piece, PI reflects on the findings of previous research conducted by PI and other experts, and the consequences of these findings in the current context of the criminalisation of abortion as a result of the overturning of Roe v Wade.
Period-tracking apps, by default, collate mass amounts of personal and sensitive information from its users. They collect information about your health, your sex life, your mood and more, all in exchange for predicting what day of the month you’re most fertile or the date of your next period. Pregnancy-tracking apps that allow pregnant people to input their symptoms and offer advice and guidance throughout their pregnancy, similarly collect health data and pose the same risks to an individual’s privacy.
Concerns about such applications have been the focus of extensive research by CSOs and investigative journalists for many years, and the concerns are well-documented.
In 2020, PI conducted research on period-tracking apps by way of sending Data Subject Access Requests (DSARs) under the General Data Protection Regulation (GDPR)– see our guide on how to write them here – to Clue by Biowink, Flo by Flo Health, Maya by PlackalTech, MIA by Femhealth Technologies Limited, and Oky by UNICEF. Out of the five apps PI targeted, only two apps provided a detailed response and breakdown of data, one app responded but did not give provide PI with the data, one never responded, and one refused to let PI publish the data.