FemTech: My body, my data, their rules
Exploring the privacy risks in femtech, this article reveals how personal health data in menstrual and fertility tracking apps is often exploited, raising concerns over data ownership, consent, and regulatory gaps.
12 applications analyzed
5.5/10 average mark
35% sell the data
Menstruation, despite having existed since the dawn of humanity and affecting half of the world’s population, remains largely unknown in many aspects. Paradoxically, however, for years, control over the menstrual cycle has been a lucrative source of income in different sectors. This has recently been extended to the digital sector, where menstruation has become an area for the development of business models based on data about menstrual cycles and the fertility of menstruating women and menstruating individuals.
In reality, these apps have great potential to contribute to health research and education. Through period tracking apps, we can find out the dates of our next period, the length of our cycles, the most and least fertile days, and even the most common symptoms we will experience at each stage of the cycle. This type of application is part of what is known as Femtech, which has received more than a billion in investment in recent years. But what do these apps do with all the information collected?
We have studied the most used menstrual tracker apps in Spain to find out which of them are the most respectful of users’ privacy.
This study was motivated by recent events in the United States following the leak published by the media outlet Politico in May. It shared a Supreme Court draft in favor of annulling the ruling in Roe v. Wade, by which the right to abortion was legalized in the country in 1973. While countries like Colombia or Mexico have recently regulated this right, the United States seems to be undoing the steps taken towards the sovereignty of women over their bodies. In this context, the collection of data about the menstrual cycle and, especially, the sharing of it with third parties is particularly dangerous, since it can become a way of accusing and persecuting people who are considering this practice, as is beginning to happen in the United States based on other types of data.
Bearing in mind that the main service of menstrual tracker applications is based on a simple calendar, it may seem that they are harmless, but the results of our analysis indicate that this idea is far from reality.
We have analyzed 12 applications, among which Period Calendar Period Tracker (with more than 100 million downloads in Google Play Store), Flo (more than 50 million), and Clue (more than 10 million) are among the most widely used and well-known.
To evaluate them, we established 5 indicators: whether the app has an accessible privacy policy, whether that policy is clear, whether it asks for invasive permissions, whether it collects unnecessary personal data, and whether it shares this data with third parties. On each indicator, an app was awarded 2, 1, or 0 points depending on whether it behaves well, so-so, or badly, respectively.
One of the most surprising findings is that most of them fail the last two indicators (whether they collect personal data and whether they share it with third parties). Contrary to the innocuous appearance of their simple interfaces, many of them share data with third parties. They often do it for commercial purposes, other times without specifying the purpose, and many of them only if the user gives her consent. But are users really aware of what they are consenting to when they click ‘accept’ the first time they open the app? These purposes are often buried in the lines of lengthy privacy policies that almost no one ever reads completely.
To help users decide which application to choose for tracking their menstrual cycle, we have prepared this ranking based on our analysis:
The average mark for respect for privacy across these apps is a bare pass: 5.5. We were surprised to see that some of them do not even have a privacy policy that the user can access, as is the case with Menstrual Calendar (developed by SimpleInnovation) and My Fitness (by Xiaomi).
It is also surprising that only 1 of them, WomanLog (developed by Pro Active App SIA), does not sell or share data under any circumstances. As for the rest, most of them share data with third parties simply because the app is being used, while others rely on consent and built-in third-party services to leave open the possibility that data is being shared in some way. They share not only personal data but also information about the user’s health, such as the symptoms she experiences, as happens with Cycles (developed by Perigee), although, at least, they say they share it anonymously.
We end the study alarmed, with our worst suspicions about this type of digital service confirmed. Despite the historical neglect of menstruation as an object of study and treatment, its use as an excuse to exploit our personal data has not gone unnoticed. Digitalisation, instead of giving rise to services that protect our privacy and focus on improving our sexual and reproductive health, seems to have fostered in period monitoring a business model in which the service is nothing more than bait to get hold of our data and monetise it. When this data reveals sensitive information that can expose intimate processes or lead to our prosecution, protecting ourselves and demanding that our data be protected is more urgent than ever.
This study was carried out over a short period, and we think there is still much more to investigate in this field. Do you have information related to data usage by menstrual tracking apps? Please send it to us at info@eticas.tech.