Many popular reproductive health apps fall short when it comes to protecting users’ data privacy, according to a new report highlighting potential legal risks to people seeking abortions.
After studying 20 of the most popular pregnancy tracking apps, researchers from the nonprofit Mozilla found that 18 of them had data-collection practices that raised privacy or security concerns. The report also looked at five wearable devices that track fertility but did not raise concerns about their data collection.
Many apps have vague privacy policies that don’t make clear what data can be shared with government agencies or law enforcement, said Jane Caltreder, principal investigator for Mozilla’s “Privacy Not Included” Buyer’s Guide to Connected Consumer Products. Report.
Ideally, she said, companies would publicly commit to processing data requests from law enforcement by requesting a court order or subpoena before any data is delivered, working to narrow requests as much as possible and alerting users about any requests.
“It gets really gray and slips on really, really fast,” Caltereder said. “It’s really hard to be sure exactly what’s being shared and with whom.”
This may be a concern in states that moved to ban abortion after the Supreme Court reversed the landmark Roe v. Wade decision.
Californians, where abortion remains legal, get some protection from the state’s data privacy laws. California residents have the right to access, delete, and opt out of its sale and sharing of their personal information.
“Small health apps that collect health information or even a Fitbit app that your doctor tells you to wear may not be covered under HIPAA, but they are likely to be covered under California law,” said Ashkan Soltani, California Privacy Protection executive. The agency, which implements and enforces the state’s consumer privacy laws.
Starting next year, Californians will have additional protections, such as restrictions on the company’s ability to collect data for purposes other than its main job.
These laws only apply to Californians, not to out-of-state travelers who may come to California to seek abortion. However, Soltani said it may give California consumers who travel to other states additional protection for their data.
In addition to vague privacy policies, the Mozilla report also found that some apps allowed weak passwords or weren’t clear about how they use algorithms to predict ovulation and fertility time frames.
Consumers often want to protect their privacy but don’t know how to protect their privacy or don’t see immediate harm from not doing so, Caltrider said. But as user data monetization continues to increase, consumers should view this as a “tipping point,” she said.
“Last time abortion was illegal, we didn’t have the internet. Digital monitoring was not a factor,” Caltrader said. “It’s too much now. It’s time we really start to consider that there is harm when our privacy is violated.”