Duke University Explores Data Privacy in Post-Roe Era: Women’s Concerns Persist on Period Trackers with Limited Action
Nearly a third of American women use apps to track their menstrual cycles, plan and prepare for symptoms, and identify their most fertile days. But their convenience can come at a high cost for users.
That’s because period tracking apps track more than just your period. They collect sensitive information that can include whether their users are trying to have a baby, if they get pregnant or have a miscarriage, even sexual activity.
If these data were combined with location tracking showing what medical facilities users have visited, it’s possible these apps could be used to suggest that someone has had or is considering an abortion.
Because period-tracking apps aren’t covered under federal data privacy laws like the Health Insurance Portability and Accountability Act, or HIPAA, no law prevents private companies from sharing this information with third parties such as advertisers or insurance companies, or handing it over to law enforcement.
Previous research reveals an “alarming status quo,” said student co-author Jiaxun Cao of Duke and Duke Kunshan University.
In a review of 23 popular period- and pregnancy-tracking apps, 61% allowed location tracking, 87% shared their users’ data with third parties such as advertising and analytics companies, and two thirds shared data “for legal obligations.”
Nearly a third displayed no information about their privacy practices at all.
And even when privacy policies are available, they can be misleading. In 2021, the developer behind Flo, a period-tracking app with more than a million users, settled federal charges that the company leaked intimate details about users’ periods and pregnancies with online advertising giants like Facebook and Google despite promising to keep them private.
Deleting an app from a device doesn’t make the data magically disappear from the developer’s server or stop it being shared and sold, either. “Some companies hang on to data for years after the consumer stops using the app,” said co-author Hiba Laabadli, a dual-degree student at Duke and Duke Kunshan.
To better understand women’s concerns surrounding privacy and period-tracking apps, the researchers conducted an online survey with 183 American women aged 19 to 75. Half of the participants lived in states where abortion is banned; the other half lived in states where abortion is legal.
Each participant was asked how concerned they would be about hypothetical scenarios involving period trackers with different ways of collecting, storing and sharing user data.
The study found that a number of common app practices raised red flags for users.
The top concern was who might gain access to their data. Respondents said that sharing information about their periods and pregnancies with government or law enforcement was “unacceptable.”
Nearly a third said apps sharing their data with third parties such as advertisers and insurance companies was also worrisome, particularly if it was used to target them with unwanted ads or boost their insurance rates.
Women were also wary of apps that collected more data than they considered necessary for the app to function, such as users’ whereabouts or information about their moods or sexual activity.
Given these concerns, the researchers expected that women would be taking more steps to safeguard their information in the wake of Roe.
But actually, not so, Cao said.
When asked about the landmark ruling, most respondents — 60% — recognized the heightened urgency of data privacy risks in the post-Roe era, but fewer than 10% took steps to mitigate them, such as by deleting the app or reading the app’s privacy policy.
In fact, more than 90% of participants took no precautions at all, either because they weren’t sure how to proceed, because they relied on the service to help manage their periods, or because they lived in states where they didn’t feel the need to exercise caution.
Nearly 40% of participants reported feeling uninformed when it came to their apps’ privacy practices.
“The majority of women are concerned but they don’t do anything about it because they don’t have the knowledge. They don’t know what to do,” Emami-Naeini said.
Only half of respondents think users themselves are responsible for ensuring that their personal information stays safe. The vast majority — nearly 90% — considered that to be the job of the app developers, such as by giving users more control over their data, making user control settings more accessible and straightforward, and by making their privacy policies more transparent and easier to understand.
Since the landmark Supreme Court decision, more than two dozen states have banned or severely restricted abortion access.
As a next step, the researchers plan to look at the privacy implications of integrating AI chatbots like ChatGPT into period trackers and other healthcare apps.
“Our biggest recommendation is for app companies to be more transparent about what they’re doing,” Emami-Naeini said.
The researchers will present their findings on May 13 at the Conference on Human Factors in Computing Systems (CHI 2024) in Honolulu.