Search
Content type: Long Read
Period tracking apps and the rollback of reproductive rightsThe aftermath of the overturning of Roe v. Wade in the United States (US) sparked widespread debate and concern that data from period tracking apps could be use to criminalise those seeking abortion care.While the surveillance and criminalisation of reproductive choices are neither new nor unique to the US, the scale and intensity of today’s crisis continue to grow. To put it into perspective, 22 million women and girls of reproductive…
Content type: Long Read
Go back to the report page Methodology We looked at the top period tracking apps downloaded in the Google Play Store, some of which we had examined in our original research, and some of which are newly emerging apps that have since grown in popularity. The top period-tracking apps with the most downloads included Flo; Period Tracker by Simple Design; and apps we'd tested in our previous research that still exist such as Maya, Period Tracker by GP Apps, as well as several apps popular…
Content type: Long Read
Go back to the full report page Flo, headquartered in London, UK, is one of the most popular period-tracking apps on the market with over 380 million downloads. The app was previously accused of sharing data with Facebook, such as informing Facebook whenever a Flo user was on their period or if they intended to get pregnant. In 2021, the U.S. Federal Trade Commission (FTC) reached a settlement with Flo to undergo an audit of their privacy policy and to obtain user permissions before…
Content type: Long Read
Go back to the full report pagePeriod Tracker by Simple Design is another popular period tracking app that has over 150 million users. To begin using this app the user answers a set of three onboarding questions for about their cycle pattern. The user has the option to answer 'I'm not sure' for each question. After answering 'I'm not sure' for these three questions, we were able to proceed on the app without having to create an account. Throughout our experience inputting our cycle…
Content type: Long Read
Go back to the full report pageThe Maya app is a period tracker app by Plackal Tech based in India. In our previous investigation, we revealed Maya was sharing a plethora of user input data to Facebook. However, in response to our 2019 research, the app claimed it had since ‘removed both the Facebook core SDK and Analytics SDK from Maya’ while ‘continu[ing] to use the Facebook Ad SDK, post opt-in to our terms and conditions and privacy policy’ for revenue purposes, the latter of which 'does not…
Content type: Long Read
Go back to the full report pagePeriod Tracker by GP Apps is another popularly downloaded app we previously looked at in 2019. In our original research, we determined that this app did not appear to share any user input data with Facebook. This time, we examined the third parties that the app appeared to integrate and what kind of data was being shared with these third parties, as well as what user data the app was storing on its own or external services. It’s worth noting that the…
Content type: Long Read
Go back to the full report pageThe WomanLog app, developed by Pro Active App SIA, is a Latvia-based period tracking app with over 10 million downloads that features an 'Intelligent Assistant' chatbot (more on this below). To get started on the app, we completed a short onboarding questionnaire about which app mode we intended to use (e.g., standard) and the length of our cycle and period. Our answers to these questions were sent across the web traffic to the app developer's API:
Content type: Long Read
Go back to the full report pageWocute is a Singapore-based period tracking app with over 5 million global downloads. To get started on the app, a user first needs to complete a short onboarding questionnaire about their goal for using the app ('track my cycle'); their year of birth (which we skipped), followed by the length of their period cycle and start date of their last period (for which we selected 'I'm not sure'). These responses were all communicated to the API:
Content type: Long Read
Go back to the full report pageStardust is a New York-based astrology-themed period tracking app that has recently risen in popularity, having received a spike in downloads in the U.S. following the overturning of Roe v. Wade. According to its website, the app takes a de-identification approach to users' privacy by utilising a third party 'security system' operated by Rownd, “an authentification platform that stores your contact information for us [Stardust] so that we cannot associate your…
Content type: Long Read
Go back to the full report pageThe last app we looked at was Euki, which has been recognised among privacy advocates. The app is a U.S. non-profit privacy-by-default period tracker app founded by a group of social tech and sexual and reproductive health organisations like Digital Defense Fund and Ibis Reproductive Health. The app has recently become open-source. We ran the Euki app through the DIAAS environment to observe its web traffic as for the above apps. There were no onboarding…
Content type: Long Read
Go back to the full report pageLimitationsBefore our analysis, we note the technical limitations (and the scope of our research) meant we did not test certain features mentioned, such as Google Fit integrations offered by some apps. We also mention the limitations of our DIAS environment, which only allows us to see web (client-side) interactions, rather than server-side interactions, the latter of which are increasingly common among more advanced platforms that utilise cloud computing (e.…
Content type: Long Read
Our research has introduced questions about the right to privacy when apps have the potential to share a range of user-related data. This is a particular concern for people using apps in countries where there are restrictions on access to abortion. In the US, after the overturning of Roe v Wade, concerns around the privacy practices of period-tracking apps have been raised in states that have introduced restrictions and bans on access to abortion. It could be very possible for some period…
Content type: Long Read
The security of our devices, applications and infrastructure is paramount to the safe functioning of our digital lives. Good security enables trust in our systems, it is fundamental to protecting the critical information we store and exchange through networks and devices. Similar to how we physically secure our homes, offices and schools, securing devices and software allows us to operate in safe and trusted environments where our security is guaranteed and protected.Security for information…
Content type: Long Read
“Hey [enter AI assistant name here], can you book me a table at the nearest good tapas restaurant next week, and invite everyone from the book club?” Billions of dollars are invested in companies to deliver on this. While this is a dream that their marketing departments want to sell, this is a potential nightmare in the making.Major tech companies have all announced flavours of such assistants: Amazon’s Alexa+, Google’s Gemini inspired by Project Astra, Microsoft’s Copilot AI companion and…
Content type: Report
In this new briefing, we identify the most significant concerns on the UN Countering Terrorist Travel Programme (CTTP), and put forward a range of recommendations to mitigate some of the human rights risks associated with the surveillance of travellers. We based our briefing on publicly available information and our own research, outlining the purposes and activities of this UN programme. We shared a draft of this briefing with the United Nations Office of Counter- Terrorism (OCT), which…
Content type: Report
With this report, we shed light on the due process implications of the blanket and indiscriminate surveillance of protesters, activists, and human rights defenders participating in protests. We demonstrate that information gathered through the surveillance of protests is being used in criminal proceedings against activists, protesters, and human rights defenders. We also also show that when this information is being admitted as evidence in criminal proceedings it undermines the right to fair…
Content type: Long Read
IntroductionWith the ongoing expansion of GPS tagging under the UK Home Office's electronic monitoring programme, it has increasingly deployed non-fitted devices (NFDs) that track a person's GPS location and request frequent biometric verification in the form of fingerprint scans.The NFDs deployed by the UK Home Office are small handheld devices with a fingerprint scanner that record a person's location 24/7 (referred to as their trail data). They alert the person at random intervals throughout…
Content type: Explainer
Many democracies, particularly younger democracies, are increasingly looking to employ technology - including biometrics - to coordinate the running of their electoral processes. Governments give various reasons for the use of these technologies, such as transparency, voter identification, and fighting corrupt practices in attempts to increase confidence in election results.
These databases and the devices used to access and edit them are susceptible to abuse, manipulation, and theft. Moreover…
Content type: Long Read
Our briefing, “When Spiders Share Webs: The creeping expansion of INTERPOL’s interoperable policing and biometrics entrench externalised EU borders in West Africa”, explores the concerning human rights implications of the use of interoperable data-driven policing capabilities and biometric technologies in West African countries rolled out by the International Criminal Police Organisation (INTERPOL)’s European Union (EU)-funded West African Police Information System (WAPIS) programme. We make a…
Content type: Report
Over the past years, data retention regulation imposing generalised and indiscriminate data retention obligations to telecommunication companies and Internet service provides has been introduced in various jurisdictions across the world. As the data retention practices across the world have evolved this new report is an attempt to shed some light on the current state of affairs in data retention regulation across ten key jurisdictions. Privacy International has consulted with human…
Content type: Report
The methodology employed for this report consists primarily of in-depth interviews held with grassroots political workers and representatives of collectives. The researchers interviewed 14 individuals from various social justice causes such as womens’ rights, climate change, transgender rights, students’ rights and the right to universal internet access in Pakistan. The experiences they have shared with the interviewers along with the real-time developments in the country’s law and order…
Content type: Report
This policy paper seeks to determine the potential for the existing international private military and security companies (PMSC) regulatory framework to support more effective regulation of surveillance services provided by the private sector.In order to achieve this, and given that this paper addresses an issue that is at the intersection of two domains, it seeks to establish a common language and terminology between security sector governance and surveillance practitioners.In…
Content type: Long Read
IntroductionData about our health reveals some of the most sensitive, intimate - and potentially embarrassing - information about who we are. Confidentiality is, and has always been, at the very heart of medical ethics. People need to be able to trust their doctors, nurses and other healthcare providers so that they are not afraid to tell them something important about their health for fear of shame, judgement or social exclusion.It’s no surprise then that data protection regimes around…
Content type: Long Read
With the introduction of GPS tracking of people on immigration bail, the UK has recently put GPS ankle tags, and their potential privacy and security issues, under the spotlight. PI has exposed the intrusive nature and shortcomings of these devices through technical explainers and complaints to the UK data protection and forensic science regulators.
But, what better way to understand the risks associated with a device than to actually use one? In order to further consolidate our understanding…
Content type: Long Read
The rise of racist and xenophobic narratives around the world has led to a ramping up of brutal migration control policies. Indefinite detention, pushbacks of boats at sea, or deportation for offshore processing of asylum claims all now form part of the arsenal deployed by some governments to “appear tough” on and provide "solutions" to immigration. A stark example is the UK’s “hostile environment” policy, announced 10 years ago by then Home Secretary Theresa May and designed to deter migrants…
Content type: Long Read
The final report on the 2022 Kenyan election is the result of a collaboration with the Carter Center as part of a joint pre-election assessment focussing on the use of technology in the run up to and during the Kenyan election which took place 9 August. The final report, published this month, follows our preliminary statement of September 2022.
Below we set out a few key observations in connection with the use of data and technology, as well as some of the key data protection incidents.
Key…
Content type: Case Study
This piece was written by Privacy International, based on publicly available information and on research by our partners at Hiperderecho
Overview
The Documento Nacional de Identidad (DNI) is the personal ID card recognised by the Peruvian State in any situation where a person might have to identify themselves, be it in an administrative, judicial, civil, or commercial context. The DNI also grants its holder the right to vote.
The DNI issuing and overseeing body is the Registro Nacional de…