Conclusions

Our research has introduced questions about the right to privacy when apps have the potential to share a range of user-related data. This is a particular concern for people using apps in countries where there are restrictions on access to abortion. In the US, after the overturning of Roe v Wade, concerns around the privacy practices of period-tracking apps have been raised in states that have introduced restrictions and bans on access to abortion. It could be very possible for some period tracking apps to hand over incriminating sexual health data they have on their users (e.g., weeks of missing period entries) for the purposes of complying with a law enforcement investigation, which could result in a violation of a woman's right to privacy and right to health. 

Additionally, seeing such a wide range of third parties integrated into the apps' web traffic raised alarm bells due to how many different entities had potential access to various categories of user data, such as device data. Device data is potentially traceable to a particular person due to their unique device identifiers. Automatically collecting data without explicitly transparent disclosures to users, beyond just small mentions in the privacy policy, and before they can meaningfully consent, is bad practice. While we have seen improvements since our last investigation that this time user period input data was not being sent to third parties like Facebook, we also caution that other categories of data like device data are still being shared with third parties by some apps at different stages of their functionality and data management. 

We have observed some privacy-protecting features in apps and services as discussed above, such as enhanced network security and encryption protecting user data and the anonymization and de-linking of users and their identifying account data. This suggests promising potential for the future of privacy, but in this increasingly hostile environment around women’s health, privacy-forward techniques should be the standard for all apps. 

The risks and trade-offs for companies opting to take a privacy-forward approach are in constant tension with the ability to make a profit, as data has become one of the richest currencies for advertising and analytics, among other third party uses. However, when it comes to menstruation data, which is sensitive health data, and given the increasingly hostile environment for reproductive rights and the risks of this data being used against an individual, period tracking apps should be held to a higher standard of privacy protection. Users should not have to sacrifice privacy for period tracking, nor should apps risk users' data in a way that leaves them vulnerable to violations of their rights. And the current regulatory landscape must be prepared to enforce a more privacy-forward deployment of period tracking apps in light of the shifting political tides that are putting women’s right to health at risk.

Recommendations

Recommendations for menstruation apps

• Allowing an anonymous use option for the app such that the user can utilize the app without having to create an account and the app will only store user data locally.
• Give users complete and easy access to and control of their data. Users should be able to modify, delete and/or access their personal data from the app.
• Fully disclosing within the Privacy Policy where third parties are being used, at all stages including in the background (e.g., CDNs), and detailing what data they have access to. It is best practice to name these third parties. At the minimum, apps should disclose all the categories of third parties in the privacy policy (e.g., servers, CDNs, advertisers, etc.).
• Obtain consent that is free, unambiguous, and informed before collecting any data by explicitly providing clear and transparent information in the app about the use of data by third parties, primarily what data will be collected, who will have access to it, and how it will be used.
• Limit the data collected to only data that is strictly necessary, such as allowing users the option to skip questions asking for personal identifying information like their birthday and other unnecessarily extensive health-related data.
• Limit data sharing only to what is strictly necessary for the purpose of providing the services offered. This requires checking default data sharing settings of tools provided by third parties like SDKs or data management tools.
• Keep servers, infrastructure and services patched and where possible update to the latest version to incorporate fixes and security features.

Recommendations for regulators

• Where there are privacy regulations in place, ensure data protection laws are properly enforced and upheld.
• Apply extra scrutiny to menstruation apps because they may process and collect highly sensitive health data that requires additional protections and safety measures.
• Require apps to conduct in-depth data protection and human rights impact assessments to consider the potential harms to users and ensure the app is protecting users’ privacy in accordance with relevant data protection laws.
• Ensure app developers abide by the data protection principle of transparency, including that any information relating to the processing of personal data is easily accessible and easy to understand, and that clear and plain language is used.
• Ensure app developers provide clear disclosures about the data access relationship they have with third parties (e.g., how are cloud-based CDNs processing user data?).
• Require apps to request explicit and fully-informed consent before any data is collected, including automatic collection of device data.
• Scrutinise the use of third party deployers, particularly AI companies offering their API services to sexual and reproductive health apps.

Recommendations for users

• Be very cautious of apps asking for unnecessarily detailed and sensitive health data. Is this data really necessary for the functional use of the app? If not, try not to provide the data or, if that is not possible, consider not using the app.
• Consider using the most data minimalist version of the app to avoid, as much as possible, providing sensitive personal data to get started on the functional version of the app.
• Limit the use of personalised ads by adjusting your settings. For Android, this can be done in Settings > Google > Ads > Opt out of personalised advertising. Learn more in our guide.
• Opt out of providing extra data by declining advertising and analytics in the in-app settings.
• Consider using an adblocker (see our guides on adblocking).

Download the full report

Read more

• Our Research Methodology
• Research findings from the apps
  • Flo
  • Period Tracker by Simple Design
  • Maya
  • Period Tracker by GP Apps
  • WomanLog
  • Wocute
  • Stardust
  • Euki
• Analysis: What does this all mean?

What can I do?

If you want to make sure we can keep doing work like this you can donate now to make sure PI can keep holding governments and companies to account.