Inconsistencies and contradictory data privacy policies were found in several popular female health apps.
ADVERTISEMENTFrom Clue and Flo to Premom and Stardust, there are many popular applications women use to monitor their health by tracking information such as their periods, ovulation cycles, and sexual activity.
But are female health apps protecting this sensitive data?
A team of researchers in the UK found “problematic practices, including inconsistencies” regarding data privacy in several female health apps.
They presented the research at the Conference on Human Factors in Computing Systems in Honolulu, Hawaii in the US this month.
The researchers analysed 20 popular female health apps available on the US and UK Google Play Stores providing a service related to female reproductive health. They looked at the applications’ data privacy policies and practices.
They found that 35 per cent of the apps had contradicting policies regarding whether they were sharing personal data with third parties.
They also found that user data could be accessed by law enforcement or authorities in many cases.
Concerns regarding privacy risks are especially high in the aftermath of the US Supreme Court’s decision in June 2022 to overturn Roe v. Wade, which had previously secured abortion rights in the country.
‘Extremely poor privacy practice with dire safety implications’
“There is a tendency by app developers to treat period and fertility data as 'another piece of data' as opposed to uniquely sensitive data which has the potential to stigmatise or criminalise users," Lisa Malki, the study’s first author and a PhD student at University College London, said in a statement.
"It is vital that developers start to acknowledge unique privacy and safety risks to users and adopt practices which promote a humanistic and safety-conscious approach to developing health technologies," she added, highlighting that the dominant model “currently places a disproportionate privacy burden on users”.
Researchers concluded there were “several inconsistencies, as well as problematic privacy practices which saw data transmitted through complex chains of third parties”.
The shortcomings identified in the apps’ designs included non-essential data processing often enabled by default, unclear or complex opt-out mechanisms, as well as privacy control screens which were often only accessible through unintuitive interactions.
"Female health apps collect sensitive data about users' menstrual cycle, sex lives, and pregnancy status, as well as personally identifiable information such as names and email addresses," said lead investigator Dr Ruba Abu-Salma from King’s College London.
“Requiring users to disclose sensitive or potentially criminalising information as a pre-condition to deleting data is an extremely poor privacy practice with dire safety implications. It removes any form of meaningful consent offered to users,” she added.
The researchers highlighted in the study that the consequences of data breaches could lead to “gendered forms of oppression”.
According to the General Data Protection Regulation (GDPR), data concerning health or a natural person's sex life or sexual orientation are considered “sensitive” in countries of the EU and the UK and should be handled with an extra layer of protection.
