A new study has shown the majority of top-rated fertility apps collect and even share intimate information without the users’ knowledge or permission
The lead researchers, from the Newcastle and Umea Universities, are now calling for a tightening of the legislation when it comes to these apps.
For hundreds of millions of women fertility tracking applications offer an affordable solution when trying to conceive or manage their pregnancy. But as this technology grows in popularity, experts have revealed that most of the top-rated fertility apps collect and share sensitive private information without users’ consent.
Dr Maryam Mehrnezhad, of Newcastle University’s School of Computing and Dr Teresa Almeida, from the Department of Informatics, Umeå University, Sweden, explored the privacy risks that can originate from the mismanagement, misuse, and misappropriation of intimate data, which are entwined in individual life events and in public health issues such as abortion, infertility, and pregnancy.
Dr Mehrnezhad and Dr Almeida analysed the privacy notices and tracking practices of 30 apps, available at no cost and dedicated to potential fertility. The apps were selected from the top search results in the Google Play Store and let a user regularly input personal and intimate information, including temperature, mood, sexual activity, orgasm, and medical records.
Once the apps were downloaded, the researchers analysed GDPR requirements, privacy notices, and tracking practices. They found out that the majority of these apps are not complying with the GDPR in terms of their privacy notices and tracking practices.
The study also shows that these apps activate 3.8 trackers on average right after they are installed and opened by the user, even if the user does not engage with the privacy notice.
The findings were presented at the CHI 2021 Conference, which will take place on May 8-13, Dr Mehrnezhad and Dr Almeida warn that the approach of these apps to user privacy has implications for reproductive health, and rights.
Dr Mehrnezhad said: “Users of these apps are women who are considered marginalised user groups and the data concerning these groups is personal, more sensitive, and identified by GDPR legislation as ‘special category data’ requiring extra protection.”
Dr Almeida added: “Data is kept in such a vulnerable condition, one in which a default setting allows not only for monetizing data but also to sustain systems of interpersonal violence or harm, such as in cases of pregnancy loss or abortion, demands a more careful approach to how technology is designed and developed.
“While digital health technologies help people better manage their reproductive lives, risks increase when data given voluntarily are not justly protected and data subjects see their reproductive rights challenged to the point of personal safety.”
The study shows that majority of these fertility apps are classified as Health and Fitness, a few as Medical, and one as Communication. The authors argue that miscategorising an unsecured app that contains medical records as ‘Health & Fitness’ would enable the developers to avoid the potential consequences, for example, of remaining in the app market without drawing significant attention to it. This means that fertility app data could continue to be sold to third parties for a variety of unauthorised uses, such as advertising and app development.
The team is currently looking into the security, privacy, bias, and trust in app devices in Femtech. In light of their research, these researchers are calling for more adequate, lawful, and ethical processes when dealing with this data to ensure women get protection from the intimate information that is being collected by such technologies.
Do you use any fertility apps? Are you worried about your cybersecurity being compromised or exploited? We’d like to hear your views. Email email@example.com.