A groundbreaking investigation by BuzzFeed News, in collaboration with Privacy International, has uncovered that popular period-tracking apps are transmitting highly sensitive personal data to Facebook without users’ explicit consent. This revelation raises significant concerns about privacy and the potential misuse of intimate health information.
apps under scrutiny
Privacy International, a UK-based charity dedicated to defending and promoting global privacy rights, has been instrumental in highlighting the issue. The charity has focused on several widely-used period apps, including Period Tracker by Leap Fitness Group, Period Tracker Flo by Flo Health, and Period Tracker by Simple Design. These apps collect a range of data, from health and sexual activity to mood and other personal details.
Women use these apps for various reasons, from tracking their menstrual cycles to planning pregnancies. Apps like Maya, developed by India’s Plackal Tech, have garnered over 5 million downloads on Google Play Store, while the Ovulation Calculator by Cyprus-based Mobapp Development Ltd claims to have 2 million users globally. These apps are also available on the Apple App Store.
data sharing concerns
The investigation found that Maya sends data to Facebook as soon as the app is opened, even if users have not agreed to the app’s privacy policy. This data sharing can occur without the user’s knowledge or consent, potentially exposing them to privacy risks.
Developers receive this data to understand their app audience and improve their products. They can also monetize their apps through Facebook Audience Network. With user consent, Facebook can use this data to provide more personalized ads. Advertisers are particularly interested in emotional states, as this helps them target ads more effectively. Pregnant or trying-to-conceive women are particularly susceptible to changes in shopping habits due to such ads.
Facebook’s response
Facebook has acknowledged the issue and is in discussions with Privacy International about potential violations of its service terms, including the transmission of prohibited sensitive information. A Facebook spokesperson said, We have systems in place to detect and remove certain types of data, such as social security numbers, passwords, and other personal data like email or phone numbers. We are also working on improving our systems and products to detect and filter more types of potentially sensitive data.
the sensitivity of health data
Health data is among the most sensitive types of information, and confidentiality is at the core of medical ethics. Countries with data protection laws have separate regimes for health data. However, these period apps, which ask users for information such as blood pressure, swelling, cramps, and acne, do not follow the same rules as most health data, making it easy for Facebook to access.
According to The Washington Post, at least two apps—Maya and MIA Fem—that track menstrual and pregnancy cycles share data with Facebook. This data is also being used by employers and health insurance companies as powerful monitoring tools.
potential misuse of data
Users and experts are concerned that this data could be exposed to security vulnerabilities or used by employers and insurance companies to discriminate against women by increasing premiums or denying leadership positions.
MIA Fem asks users a range of questions, from smoking habits to coffee consumption and tampon usage. Privacy International’s research found that while this data is not immediately shared with Facebook, it can recommend articles tailored to users’ specific interests, sharing this information with Facebook. The app also shares information about contraceptive pill usage with Facebook.
When approached by Privacy International, MIA Fem initially provided a detailed statement, which was shared with BuzzFeed News. However, when BuzzFeed News contacted MIA Fem, they were asked to provide a draft of the article and the specific parts of the statement being quoted. The company later threatened legal action against Privacy International and sent an email to BuzzFeed News, stating that the information should not have been shared and demanded its immediate deletion.
the privacy debate
The actions of these apps have raised questions about the extent to which users can consent to sharing such private information with external companies like Facebook, especially when app privacy policies are lengthy and complex.
Lindsey Barrett, a staff attorney at the Georgetown Law Intellectual Property and Technology Clinic, said, It’s clear that this practice does not adequately protect against privacy violations. She added, No one reads privacy policies because they see so many of them, and they’re even unreasonable in number. Even if they do read them, these policies are often poorly written or don’t inform users of what they need to know.
The revelation highlights the importance of personal privacy, which is essential for dignity. Chandana Hiran, a 22-year-old former Maya user from Mumbai, enjoys the app for its convenient tracking of symptoms related to menstruation and its user-friendly interface. However, she had not considered the privacy implications. These are very personal details, she said. I don’t want anyone to know this information.
Hiran added, Sharing my shopping cart/wishlist on Facebook is one thing, but such details are very private and must be kept confidential.
As the investigation unfolds, it underscores the need for greater transparency and user control over
Views: 0