Cycle-tracking apps stand behind their privacy policies as Roe teeters
Fertility and cycle tracking apps are widely used and can be useful tools that help people monitor their health. But reports regularly show that, like other health apps, they fall short when it comes to protecting user privacy. That shortfall is particularly concerning for users in the US after a leaked Supreme Court opinion indicated that the court intends to overturn Roe v. Wade — eliminating the right to an abortion in the United States and allowing states to criminalize the safe and lifesaving medical procedure.
Information stored in cycle-tracking apps isn’t covered by the medical privacy law HIPAA, so companies have broad leeway with how they use it — and who they share it with. They often share information with data brokers, advertisers, and other third parties that are difficult to track. One app, Flo, was cited by the Federal Trade Commission for sharing data with Facebook even after it promised users it kept data private.
To date, data from things like cycle tracking apps doesn’t appear to have been used to prosecute pregnant people in the US, but data sucked up by other internet and app use has already been used for that exact purpose.
“The fact that it’s possible is a problem that we shouldn’t ignore,” says Cynthia Conti-Cook, a technology fellow with the Ford Foundation’s gender, racial, and ethnic justice team who wrote a 2020 paper on digital surveillance and abortion.
TheVerge reached out to several popular fertility tracking apps and products to ask if they had any plans to adjust or strengthen protections around user data in response to the news that abortion would likely be illegal in many states by this summer. Many companies did not specify any planned changes in response to the news, instead leaning on their existing policies, which they said protect user data.
The smart ring Oura, which has a menstrual cycle tracking feature, did not have any plans to share, spokesperson John Kuch said in an email. Apple did not respond to a request for comment about the period tracking feature on its Health app. Flo, the company cited by the FTC for sharing data, said in a statement from spokesperson Denae Thibault that the company went through an audit in March 2022 that showed “no weaknesses in privacy practices” and that it does not share data with third parties.
Brigid Lowney, a spokesperson for popular period tracker Clue said in an email to TheVerge that data in the app is “private and safe.” “We have received messages from users concerned about how their data could be used by US courts if Roe vs. Wade is overturned. We completely understand this anxiety,” the statement said. It did not say if the company would change or strengthen privacy protections.
Nurx, a telemedicine company offering birth control and emergency contraception, said in a statement from spokesperson Ann Noder that it keeps patient data confidential. “We will evaluate our response to any eventual decision in light of our mission and principles concerning contraceptive access and affordability,” the statement said.
Glow said in an email from its press team that it will “continue to uncompromisingly protect our users’ privacy and personal health information” but did not say if it would make any changes to its policies.
Conti-Cook says she’d be skeptical of companies that claim to tightly protect user data without seeing their business model. Pregnant or potentially pregnant people’s data is valuable to advertisers and other third parties because it’s a group that will be going out and buying new things for a potential future child. Selling that data, or making it available to partners, is the business model for these types of apps, she says. “That’s the business model of all of surveillance capitalism.”
And all four of those companies, along with oura ringsay in their privacy policies that they would share personal user data in response to subpoenas or legal obligations.
The main concern for legal experts right now is that an individual’s data from these apps could be used against them if they’re already suspected of terminating a pregnancy. But it might not stop there, says Jerome Greco, a public defender in the digital forensics unit of the legal aid Society in New York City. “I think in the future it could become more broad, and they could be aggregating data and parsing data to try to identify suspects,” he says. “I think law enforcement is more tech-savvy than they’ve ever been in history and have more resources than they’ve ever had.”
Most of the digital information that’s been used to prosecute people for terminating a pregnancy has been internet searches and analysis of someone’s physical phone — like a mississippi woman who was hospitalized after delivering a stillborn fetus and whose internet search history on how to induce a miscarriage was used to indict her for murder.
“We’ve seen cases where women’s Google searches, unencrypted communications, emails, and other types of messages — like Facebook Messenger — were used against them, and social media posts,” Conti-Cook says.
It’s hard to predict the new ways states that criminalize abortion might find to use personal health data and other digital tools to prosecute people they suspect of terminating a pregnancy. But being vigilant about the hypothetical situations that could occur in the future helps people protect themselves, Conti-Cook says.
People concerned about their data being used against them around abortion can take steps to protect themselves, Conti-Cook says: don’t share your phone with police, social workers, or anyone at a hospital. Use internet browsers that prevent tracking. Use encrypted text messaging apps to discuss anything sensitive.
“Our digital autonomy is an extension of our bodily autonomy, and that’s how we need to start thinking about it,” she says.