Story at a glance
- The Mozilla Foundation analyzed 25 popular reproductive health apps for their privacy and security policies.
- Eighteen of the 25 apps received a “Privacy Not Included” warning label, which meant the app’s privacy policy is alarmingly vague.
- Mozilla found there was no clear standing on how data is shared with law enforcement.
Millions of Americans use mobile apps to track their menstrual cycle, sexual activity and ovulation windows, and all of that data isn’t always protected, with a new analysis finding most reproductive health apps have weak privacy protections.
The Mozilla Foundation, founder of web browser Firefox, investigated 25 reproductive health apps and wearable devices, including Flo, Glow, Ovia, Period Tracker Period Calendar and My Calendar Period Tracker, for their privacy and security practices.
Mozilla found that many of these reproductive health apps collect large amounts of personal data from users, ranging from phone numbers, emails, home addresses, dates of menstrual cycles, sexual activity, doctors’ appointments, pregnancy symptoms and more.
Eighteen of the 25 apps analyzed by Mozilla received a “Privacy Not Included” warning label, which means the app’s privacy policy is dangerously vague and may also carry security concerns.
Mozilla found most apps generally share user data for marketing purposes, so users will get served targeted advertisements. However, when it came to sharing data with law enforcement, most apps’ guidelines were vague.
America is changing faster than ever! Add Changing America to your Facebook or Twitter feed to stay on top of the news.
My Calendar Period Tracker, which has more than 10 million downloads on the Google Play store, did not have its own privacy policy that Mozilla could find. Instead, the app linked to two outside policies, from the Google Play store and the Apple App store. Mozilla found both of those privacy policies to be vague, leaving what data may be collected on users up to the app’s interpretation.
Notably, Mozilla found that when it came to sharing data with law enforcement, My Calendar Period Tracker only said, “we use the information collected through the app to…comply with any court order, law or legal process.”
Another app that alarmed Mozilla was Sprout Pregnancy, in which users can build personal pregnancy timeline calendars as the app collects data on users’ weight, doctor’s appointments, birth plan and pregnancy journals, did not have a privacy policy available to Mozilla to read.
Ashley Boyd, vice president of advocacy at Mozilla, explained that due to the current state of abortion access in the U.S., “overnight apps and devices that millions of people trust have the potential to be used to prosecute people seeking abortions.”
Boyd advised that users should think twice before using most reproductive health apps, as many are, “riddled with loopholes and they fail to properly secure intimate data.”
One app that rose to the top was Euki. The app does not collect any personal information about users, and information users chose to enter into the app about their sexual or reproductive health is stored locally on the user’s device. That means users are in complete control of their data at all times.
Other period tracking apps, like Flo and Clue, have made statements reaffirming that they do not share users’ personal data. However, Flo was under investigation by the Federal Trade Commission (FTC) just last year for sharing users’ fertility data with third parties — including Facebook and Google, despite promising users it would not.
The FTC eventually required Flo to require users’ consent before sharing personal health data with others and to have an independent review of its privacy practices.
In conclusion, Mozilla found there was no clear standing on how data is shared with law enforcement, with most apps leaning on vague boilerplate statements that do not include clear guidelines on when and how much user data could be shared with U.S. law enforcement.
That’s especially worrisome in the current political climate in the U.S., as a growing number of states have passed laws banning or severely restricting abortion. Many privacy advocates have been warning how law enforcement or anti-abortion groups could seek out user data from reproductive health apps to enforce those bans.
Adding to the risk, the U.S. currently has no federal privacy law that governs the collection and sale of user data among private-sector companies. There is an effort underway to change that, with legislation introduced last year that would close the legal loophole that allows data brokers to sell Americans’ personal data to law enforcement and intelligence agencies without any court oversight.
The bill has yet to be picked up by Congress.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Changing america