Story at a glance
- The Mozilla Foundation analyzed 25 popular reproductive health apps for their privacy and security policies.
- Mozilla found there was no clear standing on how data is shared with law enforcement.
Millions of Americans use mobile apps to track their menstrual cycle, sexual activity and ovulation windows, and all of that data isn’t always protected, with a new analysis finding most reproductive health apps have weak privacy protections.
The Mozilla Foundation, founder of web browser Firefox, investigated 25 reproductive health apps and wearable devices, including Flo, Glow, Ovia, Period Tracker Period Calendar and My Calendar Period Tracker, for their privacy and security practices.
Mozilla found that many of these reproductive health apps collect large amounts of personal data from users, ranging from phone numbers, emails, home addresses, dates of menstrual cycles, sexual activity, doctors’ appointments, pregnancy symptoms and more.
Mozilla found most apps generally share user data for marketing purposes, so users will get served targeted advertisements. However, when it came to sharing data with law enforcement, most apps’ guidelines were vague.
Notably, Mozilla found that when it came to sharing data with law enforcement, My Calendar Period Tracker only said, “we use the information collected through the app to…comply with any court order, law or legal process.”
Ashley Boyd, vice president of advocacy at Mozilla, explained that due to the current state of abortion access in the U.S., “overnight apps and devices that millions of people trust have the potential to be used to prosecute people seeking abortions.”
Boyd advised that users should think twice before using most reproductive health apps, as many are, “riddled with loopholes and they fail to properly secure intimate data.”
One app that rose to the top was Euki. The app does not collect any personal information about users, and information users chose to enter into the app about their sexual or reproductive health is stored locally on the user’s device. That means users are in complete control of their data at all times.
Other period tracking apps, like Flo and Clue, have made statements reaffirming that they do not share users’ personal data. However, Flo was under investigation by the Federal Trade Commission (FTC) just last year for sharing users’ fertility data with third parties — including Facebook and Google, despite promising users it would not.
The FTC eventually required Flo to require users’ consent before sharing personal health data with others and to have an independent review of its privacy practices.
In conclusion, Mozilla found there was no clear standing on how data is shared with law enforcement, with most apps leaning on vague boilerplate statements that do not include clear guidelines on when and how much user data could be shared with U.S. law enforcement.
That’s especially worrisome in the current political climate in the U.S., as a growing number of states have passed laws banning or severely restricting abortion. Many privacy advocates have been warning how law enforcement or anti-abortion groups could seek out user data from reproductive health apps to enforce those bans.
Adding to the risk, the U.S. currently has no federal privacy law that governs the collection and sale of user data among private-sector companies. There is an effort underway to change that, with legislation introduced last year that would close the legal loophole that allows data brokers to sell Americans’ personal data to law enforcement and intelligence agencies without any court oversight.
The bill has yet to be picked up by Congress.