Period-tracker data trading raises human rights fears


In the wake of the landmark abortion ruling by the US Supreme Court, there are growing concerns that law enforcement could use your period-tracker data against you. And, as always, such apps also remain vulnerable to financially motivated cybercriminals.

Abortion had been a constitutional right in the US since 1973. However, the Supreme Court’s recent decision to overrule Roe vs. Wade could lead to an abortion ban in half of the states.

Prior to the decision, lawmakers had called for a ban on health and location data trading: now various health apps, including period-tracking apps, increasingly find themselves under the spotlight.

ADVERTISEMENT

Period trackers, also known as fertility apps, are a virtual diary of your health, allowing you to track your periods, ovulation, moods, sexual activities, and pregnancy, among other things. Since most people carry smartphones in their pockets at all times, such apps became comfortable alternatives to printed trackers or notebooks for hundreds of millions of women.

Yet, with efficiency come concerns about the data trading practices of such tools. Some of them have been facing a backlash regarding how they handle intimate user data.

What users are concerned about

In 2019, a popular period tracker called Ovia Health was criticized for sharing aggregated data with employers, who then got access to the information about their workers. This meant employers could track such things as pregnancy details, including when women who had given birth were planning to return to work.

In the beginning of 2021, the Federal State Commission of the United States filed a complaint against Flo – an app with over 46 million active monthly users for tracking menstrual cycles and fertility. It was reportedly disclosing the data of its users to third-party entities, including Google and Facebook.

Users that learned about this were disappointed with the lack of respect for users’ privacy. “Isn't it torture enough that we're struggling to conceive (some of us anyway), without your social media using that info to torment you further for profit?” one user complained on Reddit.

But that is not the only concern – the US Supreme Court overruling Roe vs. Wade has increased anxieties over the data practices of period trackers. “When Roe vs. Wade gets overturned, the government could use data from your tracking app to persecute [you] for missed periods that don’t result in a baby,” another user posted.

This would not be the first time technology has been used for tracking and even leaking data regarding pregnancies. Back in 2019, as reported by local media, a woman was charged with second-degree murder after she searched for abortion medication in her third trimester.

ADVERTISEMENT

Tech giants, such as Google, Facebook, and Amazon, are also a source of concern due to their data collection and trading practices. Amazon’s report for the first half of 2020 disclosed that the company fully or partially complied with 79% of search warrants. Meanwhile, Google responded to 82% of requests during the first half of 2021, disclosing user information.

Cybernews talked to industry experts to learn how data-trading practices can harm individuals, and whether you should ditch digital period trackers for old-school printable ones.

Where does the data go?

“One app vendor shares information with over 30 different third-party entities directly from the app with the intent to deliver targeted ads,” Vikram Venkatasubramanian, founder and CEO of online privacy company Nandi Security, told Cybernews. This includes data brokers, ad networks, and others.

Since many period tracking apps are free, it makes you the product, as the cliché goes. The problem is that getting one’s hands on such data is not difficult at all, Venkatasubramanian believes. “It is easy for any company to register as a data broker and get access to this kind of information by bidding for it,” he explained, stressing that sometimes, winning the bid isn’t even necessary.

Furthermore, period-tracking apps can share data directly from their servers. Although you get to track your period or pregnancy for free, you may not always be fully aware of how your data is used.

“There is nothing customers can do about it except to opt out of such data-sharing and hope that the company in question respects it,” he added.

A goldmine for cybercriminals

ADVERTISEMENT

A recent study published in Springer Link canvassed the views of period-tracking app users. While the interviewees found the apps convenient, many of them did not express concern regarding the privacy of their data, and some were even aware that it was not limited to their device.

However, data-sharing poses various risks to users that arise from why it was collected in the first place, Agneska Sablovskaja, data researcher at cybersecurity company Surfshark, told Cybernews.

“Theoretically, health data can be especially dangerous if it ends up in the hands of insurance companies or banks, because users’ data can be used to target them with ads or even possibly to determine life-insurance coverage or loan interest rates,” she said.

When it comes to period trackers, “health data can become evidence of terminated pregnancy used in prosecution of women in countries or states where abortion is illegal,” she added, referring to the overturning of Roe vs. Wade.

But even if menstrual-cycle trackers do not share data, they can still be susceptible to cyberattacks, meaning yours could be leaked or stolen by malicious threat actors.

Aside from collecting everything health-related, period trackers “may also include payment details, address, telephone number and the full name of the user among many other things,” Sablovskaja pointed out.

“With this data, threat actors can attempt multiple crimes, such as credit-card fraud, extortion (blackmail, etc.), identity theft, malware, phishing, spoofing and ransomware attacks, and online harassment, among many others. However, most often, leaked or breached databases are put on sale on the dark web, where they can be bought or freely accessed by other criminals, or just curious regular people,” she explained.

One way users can ensure their personal data is not shared is by reading the privacy practices of the apps they sign up to. According to research published in the Pew Research Center, only 22% of Americans always or often read privacy policies before accepting them.

While Sablovskaja has noticed that the language in such documents can at times be difficult to understand, she believes that “if you really want to protect your privacy, your ideal app should clearly state that they do not collect or sell your data to any third parties.”

ADVERTISEMENT