Concerns raised about ovulation apps and data privacy

As the use of ovulation apps continues to grow, Flinders University law experts Professor Tania Leiman and Lydia Chia have warned of the legal implications of who can access this highly personal data and how can it be used.

“As we use apps to monitor more and more about how our bodies function, we need to think carefully about where that data is going and what the unintended consequences — both legal and otherwise — of generating that data might be,” Professor Leiman said.

“People who menstruate should understand the bargain they are making; is convenience worth giving up your most intimate privacy and data security?”

Period trackers or ovulation apps monitor menstrual cycles to provide insights into fertility windows and period symptoms, identifying patterns unique to an individual user’s cycle. Predictions of ovulation days or when the next period will occur is based on data collected from the user, ranging from mood changes and frequency of cramps to sexual habits and basal body temperature.

Growing popularity of these tools has even seen leading health apps, such as Fitbit and Garmin, incorporate period tracking as an additional feature to its other fitness tracking services, while Apple’s CycleTracker is a standard feature in the Health App on iPhones.

However, while app users consent to privacy policies that contain varying levels of data and privacy protection, standards regulating data processing, sharing and storage of personal information differ depending on the location in which an ovulation app’s company is domiciled, warned Flinders’ professors.

Stringent data processing and third-party sharing laws under the General Data Protection Regulation (GDPR) apply to apps based in the EU, but many jurisdictions outside the EU do not apply the same rigorous standards.

In Australia, data gathered by ovulation apps fall within the protections for ‘personal’, ‘sensitive’ and ‘health information’ in the Privacy Act, although it’s not clear whether it could be also regarded as ‘biometric information’ or a ‘biometric template’, according to the professors.

Leiman said issues such as data storage location and de-identification of data or anonymisation of information altogether in third-party sharing must be considered in more detail — especially given recent instances of data collected from ovulation apps being shared with insurance companies and employers.

“In the US, some companies have made data collected from ovulation apps available to employers — enabling them to track intimate details of an employee’s pregnancy,” Leiman said.

“If data collected from ovulation apps are routinely shared with third parties such as insurance companies, does this allow health insurance premiums to be priced taking account various factors including an individual’s medical history, location and demographics.”

Leiman said that legal complexities attached to the use of ovulation apps mean that we must think very carefully about the impacts that may have, and what happens to the data generated.

“While use of ovulation apps may promise many potential benefits, much greater discussion about the legal ramifications is required,” Leiman said, “especially where competing values — including safety, productivity and privacy — and negotiating power between individuals and corporate data users are not equitably balanced.”

The full article, titled Surveiling our bodies? FemTech and the Legal Ramifications of using Ovulation Apps, by Tania Leiman and Lydia Chia — has been published in The Bulletin: Law Society of South Australian Journal, May 2023 edition.

Image credit: iStockphoto.com/Jose Martinez Calderon