Most popular period-tracking apps share data with third parties, according to a report by the U.K.-based Organisation for the Review of Care and Health Apps (ORCHA).
The report analyzed 25 popular tracking apps built by 24 different developers. It found that 84% of them shared data outside of the developer’s system with a third party and that only one app stored data solely on the device.
Of the apps that shared information, 68% said they did so for marketing purposes, while 64% cited legal obligations, 40% reported they shared data for research, and another 40% said they used the data to improve their services.
The ORCHA report also noted that many of the apps that shared data embedded user consent information within the terms and conditions. Of the 21 apps that shared data with third parties, nine bundled consent into terms and conditions, while another eleven put some user control within the app and some in the terms in conditions.
Only one app listed user consent for sharing their data within the app itself, which ORCHA argues is a valuable practice, because most people won’t read the entire terms and conditions.
“It would be best practice for an app to have a ‘consent’ page that’s easily accessed from the main menu. Each individual permission could then be ticked or unticked at any time. So, a user wanting to guarantee privacy could easily change their mind and untick the permission to share with third parties,” Tim Andrews, COO of ORCHA, said in a statement.
WHY IT MATTERS
In the wake of the Supreme Court decision that overturned Roe v. Wade in late June, period tracking apps became an area of concern for privacy advocates. Some apps like Clue and Glow released statements about their privacy policies, while Flo debuted an “anonymous mode” that lets users access the app without personal email, name and technical identifiers.
But some privacy experts argue period-tracking apps are only one piece of the privacy puzzle, since there’s other digital evidence that could connect users to abortions, like text messages or location data.
“Period tracker apps have come into sharp focus for alarming reasons – but they are probably the tip of the iceberg when it comes to data security,” Fatima Ahmed, ORCHA’s clinical lead for maternity and women’s health, said in a statement. “And even app developers who promise to stop sharing names and addresses, for example, should be aware that people can be identified by an IP address.”