Thursday, December 08, 2022

Should women worry about data from period-tracking apps being used against them?

Should women worry about data from period-tracking apps being used against them?

It is estimated that millions of people in the US use period-tracking apps to plan ahead, track when they ovulate, and monitor other health effects. Apps can help signal when periods are late.

A draft opinion from the Supreme Court after Politico was published on May 2 showing that Roe vs. WadeThe historic decision guaranteeing the constitutional right to abortion would be reversed, people took to social media. They were expressing concerns about the confidentiality of this information – especially for people who live in states with strict limits on abortion – and how it could be used against them.

Several users recommended deleting all personal data from period-tracking apps immediately.

“If you’re using an online period tracker or tracking your cycles through your phone, turn it off and delete your data,” activist and advocate Elizabeth McLaughlin said in a viral tweet, “just.”

Similarly, cyber security expert Eva Galperin, the data said “You could be used to prosecute if you ever choose to have an abortion.”

This got us wondering – are these concerns warranted, and should people using period-tracking apps remove data or apps from their phones altogether? We asked the experts.

• Has your period-tracking app data been shared?

Privacy policies – specifically, whether apps sell information to data brokers, use the data for advertising, share it for research, or just keep it within the app – vary greatly between companies.

“Does it encrypt? What is its business model?” asks Lucia Savage, chief privacy and regulatory officer at Omada Health, a digital therapeutics company. “If you can’t find the terms of service or privacy policy, don’t use that app.”

Period-tracking apps are often not covered under the Health Insurance Portability and Accountability Act, or HIPAA, although if the company is billing for health care services, it may be. Nevertheless, HIPAA does not prevent the company from sharing de-identified data. If the app is free — and the company is monetizing the data — then “you are the product” and HIPAA doesn’t apply, Savage says.

A 2019 study published in the BMJ found that 79% of health apps available through the Google Play store regularly share user data and were “far from transparent.”

When it comes to marketing, pregnant person data is of especially high value and can be difficult to hide from a barrage of cookies and bots. Some period-tracking apps, which often ask for health information in addition to menstrual cycle details, also participate in the wider Internet data economy.

“Data can be sold to third parties, such as large tech companies; or to insurance companies, where it can be used to make targeting decisions, such as whether to sell a life insurance policy, or how much your premium should be.” ,” says Giulia di Togni, a health and artificial intelligence researcher at the University. of Edinburgh in Scotland.

Flow Health, which is headquartered in London, settled with the Federal Trade Commission last year over allegations that the company, after a promise of privacy, had colluded with external data analytics companies including Facebook and Google for users of its fertility-tracking app. Shared health data of users.

In 2019, Ovia Health drew criticism for sharing data — though de-identified and aggregated — with employers, who could have purchased period and pregnancy-tracking apps as a health benefit for their workers. People using the employer-sponsored version currently have to opt in to this type of data-sharing.

Ovia’s approximately 10,000-word privacy policy details how the company may share or sell non-identifying health data and uses tracking technologies for advertising and analytics on its free, direct-to-consumer version.

For European residents, companies must comply with the strict General Data Protection Regulation, which gives ownership of the data to the consumer and requires consent before personal data is collected and processed. Consumers also have the right to delete their online data.

Companies have the option to extend those rights to people living in the US through their privacy policies and terms of service. If they do, the FTC can hold companies accountable for those commitments, said Invite’s head of data stewardship and former deputy director for health information privacy in the Office of Health and Human Services for civil rights.

Period-tracking app Cycles, which is owned by Swedish company Perigee, falls into this category. The company promises its users that it does not advertise or sell data to third parties. Instead, it makes money entirely through membership, says spokesperson Ranial Engineer.

Concerned customers are reaching out to Clue, another health app developed by a Berlin-based company. “We fully understand this concern, and we want to assure you that your health data, especially any data you track about pregnancy, pregnancy loss or miscarriage, is kept private and secure. Clue co-CEO Carrie Walter says in an email. Statement.

Some states, such as California and Virginia, have state-level laws that give users ownership over their information and whether it is sold to third parties.

Data brokers trade in other types of information, such as location-tracking data for people visiting Planned Parenthood, that could potentially be purchased by law enforcement or government officials. Earlier this month, SafeGraph stopped selling cellphone-tracking data that mapped the activities of people who visited Planned Parenthood, how long they stayed, and where they went afterward. Vice reported buying a week’s worth of data for $160.

Of concern is the company’s level of data security, and how vulnerable it is to breaches. “Hacking is criminal, there’s no question about it,” Savage says. “But once it’s hacked, the information can be released.”

• Can this data be used in criminal proceedings?

The short answer is yes.

“It’s almost unrealistic that in some states using a period app could get you into trouble,” says McGraw. “But if abortion is a crime, it can be used to build a case against you.”

It depends on where you live, but from a privacy standpoint there is no federal protection against this happening, she adds. Last year, Sen. Ron Wyden (D-Ore.) introduced the Fourth Amendment Not for Sale Act, which would prohibit data brokers from selling personal information to law enforcement or intelligence agencies without court oversight. But the law has not yet made it to the vote.

Wyden told KHN that he was “absolutely” concerned that people seeking abortions could be blamed by their phone data.

“It’s really an ominous possibility for women to have their personal data weaponized against them,” Wyden says. “These big data organizations,” he says, “have to make decisions – are they going to protect the privacy of the women who do business with them? Or are they basically going to sell to the highest bidder. ?”

In the absence of a federal law, if law enforcement receives a court-ordered subpoena, it may be difficult for a company to resist handing over data related to a specific case.

“Given the breadth of surveillance laws in the US, if a company collects and holds information, that information is susceptible to coercion by law enforcement,” said Amy, a privacy advocate and vice president of US policy at the Future of Privacy Forum. Stepanovich says. , “They don’t legally have the ability to keep that information from law enforcement once due process has begun.”

Still, even in states with strict abortion limits on the books, a lot depends on how those laws are structured. For example, last month, a murder charge against a Texas woman for “self-induced abortion” was dismissed after the district attorney found it did not violate state law, which mandates abortion. Criminalizes the providers, not the patients.

If Roe vs. Wade According to a KFF analysis, 14 states have so-called trigger laws that will automatically take effect and ban abortions either outright or after set windows of time – for example, six weeks or 15 weeks.

“It’s really complicated under the hood, but I don’t think people should blindly assume that their data is protected by legal process,” Savage says. It may depend on the company’s approach to the summons, she adds. Some will fight them while others will not.

Take Apple, for example, which repeatedly opposed unlocking iPhones for law enforcement in high-profile cases like the 2015 San Bernardino shootings. According to the company’s privacy policy, data in Apple’s Health app, which includes its period tracker, is “encrypted and inaccessible by default”. All health data in the app is kept on a person’s phone, not stored on a server. But at the same time, Savage says, people who are in low-income communities don’t always have an iPhone because it’s an expensive device.

Ovia’s Privacy Policy states that the Company may provide data to law enforcement when required by law or subpoena. However, the company said in a statement that it has “never provided Ovia user data to any government, nor have we received any government request for access to Ovia user data.” There is also an option to “completely and permanently” delete account data in Ovia’s account settings.

Despite safeguards under the GDRP, period trackers based in Europe can still be summoned, says Lee Tien, a senior staff attorney at the Electronic Frontier Foundation.

“and also [European Union] Companies are subject to US legal process, although this will take longer,” Tien says. “The US has reciprocal legal treaties with other countries, including EU countries, and law enforcement knows how to exchange information. is.”

• Has it been used by government officials or law enforcement in the past?

Authorities with anti-abortion views have taken advantage of period-tracking information in the past. In 2019, former Missouri state health director Dr. Randall Williams obtained a spreadsheet tracking the menstrual periods of women who visited Planned Parenthood in an effort to identify patients who had experienced miscarriages that failed to terminate a pregnancy.

During the Trump administration, former refugee resettlement chief and anti-abortion activist Scott Lloyd admitted to tracking the menstrual cycles of teenage migrants to prevent them from having abortions.

“We’re thinking about period trackers now the way we’ve been thinking about facial recognition software for years,” says Savage.

• Should you delete your period-tracking app?

Experts said it’s unlikely that a period-tracking app would be the only piece of evidence if someone were to build a case against you for seeking an abortion.

World Nation News is a digital news portal website. Which provides important and latest breaking news updates to our audience in an effective and efficient ways, like world’s top stories, entertainment, sports, technology and much more news.

Latest News

Related Stories

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Thanks for submitting your comment!