Choice issues a damning report “Your Body, Our Data: Unsafe Privacy Practices of Popular Fertility Apps” which finds that fertility apps collect unnecessary personal data
March 22, 2023 |
Choice with Fertility apps and your privacy examined 12 popular fertility apps and found there has been poor privacy practices. It is a devastating report highlighting the poor state of privacy practices in Australia. The Guardian has covered the report with Fertility apps collect unnecessary personal data and could sell it to third parties – study.
The Choice article provides:
Fertility apps collect extremely sensitive and intimate data about our cycles, health, pregnancies, and sex lives.
There is growing concern over the handling of this data, which is often kept for too long (exposing it to data breach risks) and disclosed to other companies on a supposedly ‘de-identified’ basis (when there are real risks of re-identification).
The apps’ privacy policies, messages and settings are often confusing and potentially misleading. An app might claim “we never sell your data”, but the fine print might say the whole database can be sold to another company as a business asset.
An app might claim ‘we never sell your data’, but the fine print might say the whole database can be sold to another company
And many are not fair or transparent about the data they trade with other companies, including extra information they collect about the consumer from data brokers and the disclosure of your usage data, which can allow companies to predict sensitive information about your health and circumstances.
What is a fertility app?
We use the term ‘fertility apps’ to cover mobile apps that assist consumers in tracking their menstrual cycles, ovulation and potential fertile windows if they’re attempting to conceive, and stages of pregnancy up to birth.
How we compare
We examined the privacy terms of 12 of the most popular fertility apps used by Australian consumers (taking into account downloads, apps installed and active usage).
We examined the privacy policies and in-app messages and settings for each of these apps in February and March 2023, to determine the extent to which they protect the consumer’s privacy, having regard to the quality of the privacy information and choices they give consumers, and the extent to which they indicate that they restrict the collection, use and disclosure of personal data to limit the risk that the consumer will be humiliated, excluded, exploited or exposed to data breaches.
The privacy policies, messages and settings are often confusing and potentially misleading
We did not include apps that depend on the consumer buying a wearable device, like an Apple watch or a FitBit, that tracks biometric data directly using sensor technology; or apps that track a baby’s development from birth. These raise different and important issues, which deserve to be considered separately.
We have grouped the apps into three categories – apps to avoid, apps to be cautious of and one that stands out from the others but could still be improved.
Apps to avoid
BabyCenter
BabyCenter is a pregnancy app that was bought by Everyday Health Inc, which also owns the What to Expect app. This is why their privacy policies are identical and equally focused on sharing users’ data for profit. Everyday Health Inc is owned by US marketing technology company, Ziff Davis, which includes its tracking technologies in the app.
Glow Fertility, Glow Nurture, Eve by Glow
Glow Inc operates several apps, which allow users to track their periods, sex lives, and pregnancies. Glow’s privacy terms and settings generally indicate that it gives users less privacy by default to serve its commercial purposes.
In 2020, Glow settled a lawsuit brought by the Attorney General of California alleging breach of medical privacy and data security laws concerning “clear basic security flaws that put its users’ data at risk”.
Ovia Fertility and Ovia Pregnancy
The Ovia ovulation and pregnancy apps are owned by a company that is part of the US drug development corporate group, Labcorp.
The apps ask for remarkably wide-ranging and sensitive information in its “Health Questionnaire” and sell “de-identified” health information to other companies.
What to Expect
What to Expect is a pregnancy app owned by Everyday Health Inc, which later bought the BabyCenter app. This is why their privacy policies are identical and equally focused on sharing users’ data for profit. Everyday Health Inc is owned by US marketing technology company, Ziff Davis, which includes its tracking technologies in the app.
Apps to approach with caution
Clue
The Clue app is renowned for its founder’s goal to use the health data collected for research purposes.
It collects extensive highly personal information, such as data about reproductive health conditions, masturbation, use of sex toys, orgasms and painful intercourse, and does not give confidence that this information will be adequately de-identified before it is disclosed to others.
Flo Health
Flo is the most popular fertility app in Australia and invests heavily in advertising that it respects your privacy. The app developer faced a complaint by the US Federal Trade Commission in 2020 alleging it misled consumers regarding privacy practices, which led to two class actions against it in the US.
The app is now operated by a company of the same name subsequently set up in the United Kingdom by the same founder as the US company.
While Flo settled the complaint brought by the US Federal Trade Commission regarding alleged privacy breaches and denied wrongdoing, we await the outcome of the US class actions that allege Flo made misrepresentations about its data sharing with Google and Facebook.
My Calendar
My Calendar provides some options that can assist users in protecting their privacy, but it takes a disturbingly hands-off approach, for example by claiming that it is “not responsible for circumvention of any privacy settings or security measures”. (It should be responsible if it has not taken reasonable steps to secure your data.)
Period Calendar
Period Calendar is one of three apps marketed by Hong Kong-based Abishkking Ltd, “a fitness and health mobile apps development company”. It provides some options that can assist users in protecting their privacy, but diminishes users’ privacy in other ways, for example by sharing revealing usage data with Google Analytics, which can be used for Google’s “own advertising network”.
Period Tracker
Period Tracker is sold by GP Apps, which provides only a vague, brief privacy policy. Other companies collect data via the app about the way you use the app, which could include information about whether you join various “Groups” that reveal your health conditions.
Pregnancy+
The Pregnancy+ app is owned by a company in the Philips Avent consumer goods group. Philips creates a profile of your preferences, behaviour and characteristics from tracking your activities in the app and says this profile is disclosed to other companies such as its “affiliates”.
WomanLog
It’s difficult to find much iformation on WomanLog because its privacy policy and terms of use are so brief and vague, but it appears to be operated by Latvia-based Pro Active App SIA. The app includes some privacy features, but the very limited information makes us cautious.
Preferred (but not perfect) apps
Natural Cycles
The Natural Cycles app does not have perfect data privacy terms, but it stands out as an app that makes a real effort to give clear information and choices about your data as you open and set up the app.
The app is operated by a Swedish company that focuses on reproductive health and is governed by the stricter privacy laws of the European Union.
Privacy reform urgently needed
Potentially misleading privacy claims and settings in fertility apps deserve scrutiny by our regulators under both the Privacy Act and the Australian Consumer Law. We also need urgent reform of our Privacy Act to protect the highly sensitive information held by such app developers, including:
-
- stricter security obligations, such as rules requiring companies to specify a limited retention period after which personal information will be deleted to avoid unnecessary data breach risks and obligations to protect “de-identified” information
- a requirement that companies’ collection, use and disclosure of our data should always be “fair and reasonable”, rather than expecting consumers to try and police companies’ data practices themselves
- clarification that technical identifiers and “usage data” connected to an individual are “personal information” covered by the Privacy Act obligations.
CHOICE consumer data advocate Kate Bower says “Australia’s Privacy Act is woefully out of date and this research shows the potential harms to consumers of not having law that is fit for purpose.
“Stronger consumer protections are urgently needed to ensure that the highly personal and sensitive data collected by these apps is protected and that businesses can’t exploit the data for profit.”
The report itself is quite lengthy, at 34 pages. Some of the interesting points made include:
- consumers using these apps may be unaware that many have been strongly criticised for their privacy and security flaws.
- operators of some of the most popular apps – including “Flo” and “Glow” – have been sued in the United States for alleged privacy infringements.
- there numerous unfair and unsafe data practices in some of the most popular fertility apps currently used by Australians.
- companies marketing apps that assist consumers in managing these aspects of their fertility, tend to offer apps that meet two or three of the following purposes:
- tracking their menstrual cycle, sometimes to assist in avoiding pregnancy if they are sexually active,5 and/or to record symptoms towards menopause;
- trying to conceive a child by tracking their sexual activity, menstrual cycle and other symptoms to identify a “fertile window” for conception; and
- tracking and managing their pregnancy through various stages, including preparations for labour, birth and parenting.
- We conducted a systematic analysis of:
- the currently available privacy policies of each app;
- additional privacy messaging on the app developer’s website; and
- the user interface of the app itself, including the steps required to use the app, questions asked of the consumer through the app, and privacy settings (if any) available in the app.
- the 2020 Consumer Policy Research Centre (CPRC) survey showed that the majority of consumers:
- agreed that companies should give them options to opt out of certain types of information collection, use and sharing – 95%;
- agreed that companies should only collect information currently needed for their product or service – 92%;
- find it unacceptable for companies to monitor their online behaviour to show them relevant advertisements and offers – 60%;
- consider it unfair for a company to use personal information to make predictions about the consumer – 76%;
- consider it unfair for a company to collect information about the consumer from other companies – 83%; and
- disagreed that, if they trust a company, they don’t mind if the company buys information about them from database companies without asking the consumer – 81%.7
- according to the 2020 Community Attitudes to Privacy Survey conducted by the Office of the Australian Information Commissioner (OAIC), most Australians are uncomfortable with:
- businesses sharing their personal information with other organisations – 72%; and
- online businesses keeping databases on what they have said and done online – 62%.8
- the Australian Competition and Consumer Commission (ACCC) 2018 survey indicated that most consumers surveyed considered it to be a misuse of their personal information if digital platforms:
- collect information about the consumer in ways the consumer would not expect – 83%;
- add to information about them with information gathered from other companies the consumer has dealt with – 81%.
- fertility apps are collecting and using such “online activity data” or “usage data” for various purposes.
- what is almost entirely hidden from the consumer are the ways in which data is collected from their device for the purpose of tracking them beyond the fertility app, as well as further data about them that the app collects from various third parties.
- fertility app privacy terms also generally include some description of the automatic collection of “technical data” that allows various companies to track the consumer. They do this in terms that make it unlikely that consumers will understand the significance.
- Some app developers invisibly collect further data about the consumers from third parties, such as data brokers
- Five of the twelve apps analysed claim that they do not sell data or that they “never” sell data either in their privacy policies or in-app messages. However, four of these same apps state in the fine print of the later sections of their privacy policies that the consumer’s personal information may be sold as a business asset, either on its own or as part of a sale of the whole business. Some even say this information can be disclosed during negotiations for such a sale. The broad description of the data than can be sold in this way would include intimate logging data and answers to prejudicial questions.
- Some of the fertility apps have privacy settings that are likely to give consumers misleading – or at least deeply confusing – messages about what they are choosing, on the limited occasions when consumers are permitted to make an active choice about the collection and use of their data.
- Six of the twelve apps analysed specify that data from consumers’ use of the app is used for research purposes. The privacy policies of these apps generally claim this data is “de-identified” or “anonymised” before it is disclosed to researchers outside the organisation. There were three trends in these research uses which jeopardise consumers’ privacy and agency:
- the apps tend to be unacceptably vague about the methods of “de-identification” adopted and, in some cases, merely pseudonymise the data, such that de-identification claims may be misleading.
- of those apps that use the consumer’s data for research purposes, almost all fail to provide the consumer with an active choice in the matter.
- none of the apps promise that any research using the consumers’ data will be conducted in accordance with recognised ethics guidelines or subject to approval and oversight by a Human Research Ethics Committee.
- despite the extremely sensitive nature of much of the data collected, the privacy terms of the apps analysed fail to describe de-identification standards that could give consumers confidence that they are safe from being associated with that data in public or in another organisation’s hands in future.
- the apps do not warn consumers of the risk that their data will be re-identified and associated with the individual consumer when the app developer retains or discloses the de-identified data. On the contrary, some plainly state, for instance, that such data “is no longer linked or linkable to you”.
- the real risks of re-identification together with the extreme sensitivity of some of the data collected, make it vital that consumers should be permitted to make an informed choice about whether they are willing to accept these risks for the sake of the additional research purposes explained to them. However, six of the apps which use consumer’s data for some form of “research” do so by default without allowing the consumer to decide whether to opt into that research use.
- all but one of the apps analysed state that they use some of the consumer’s data for targeted advertising purposes.
- Several of the fertility apps analysed indicate that they share some of the consumer’s data with large digital platforms, including Google Analytics or Google Ads
- while personal information should only be kept for as long as it is necessary to meet the lawful purposes for which it was collected a number of the fertility apps analysed do not meet these standards, but expose the data collected to greater risk by keeping it for arbitrary and unnecessarily long periods or failing to specify any clear system regarding the retention of data.