A popular fertility app used by women to track their reproductive health will pay $200,000 to settle allegations that it shared highly sensitive data of thousands of users with shady Chinese companies.
Premom – an Illinois-based company that claims to have around half a million users who can upload confidential information about their menstrual cycles, reproductive health conditions, and other fertility-related data.
The company has been accused of leaking identifiable user health information and precise geolocation information to Google and two China-based companies known for “suspicious privacy practices”.
Easy Healthcare, developer of Premom, pledged to stop sharing sensitive information, although he admitted no wrongdoing.
The upheaval in legal abortion access last year has sparked a new wave of health privacy concerns as millions of American women use fertility apps to track their cycles, which could potentially be used to penalize anyone seeking or considering an abortion.
More than a dozen states restricted access to abortions following the overthrow of Roe V Wade
Premom asks users to upload details about their sexual health such as ovulation and basal body temperature to receive a personalized remote scan to help predict how to get pregnant naturally
Premom is owned by Easy Healthcare, an Illinois-based medical supplies e-commerce company. Premom allows users to upload their ovulation test strips, which Easy Healthcare also offers
DC Attorney General Brian Schwalb said“Residents of the district who used the Premom app had the right to keep their locations and devices private, but Easy Healthcare shared this private information with third parties without notice or consent, putting users at risk.
“Now more than ever, as reproductive rights are under attack across the country, it is essential that the confidentiality of health care decisions be vigorously protected.” My office will continue to ensure that companies protect consumers’ personal information to protect against illegal encroachments on access to effective reproductive health care.
The FTC did not release the names of the Chinese companies that obtained the sensitive information, but said they had been “flagged for suspicious privacy practices.”
Widespread concerns over the sharing of sensitive reproductive health data came to a head in June 2022 when the Supreme Court struck down a 50-year precedent for legal abortion.
The data stored on apps like Premom is extremely revealing – when a period stops or starts and when a pregnancy starts and stops. And privacy experts have been on high alert ever since, knowing full well that the data could be subpoenaed or sold to third parties.
The app was launched in 2017 but hit a milestone in November 2019 with half a million downloads.
During the pandemic, business has shifted to a largely remote platform in many industries. Premom started offering virtual consultations with fertility specialists in July 2020.
HIPAA, the federal health information privacy law, does not have jurisdiction over rule tracking apps, and in fact some aspects of the law have not kept up with the advent of new technologies such as trackers. fitness.
Easy Healthcare, for its part, said, “Our settlement with the FTC is not an admission of wrongdoing. Rather, it is a settlement to avoid the time and expense of litigation and allows us to put this matter behind us and focus on you, our users.
“Rest assured that we do not and will never sell any user health information to third parties, or share it for advertising purposes…Protecting user data is a top priority, which is why we always been transparent with and cooperated fully throughout the FTC’s review of our privacy program.
As part of the settlement, the company accepted a $100,000 civil penalty for violating the health injury notification rule, according to the FTC.
It will also pay $100,000 to state AGs.
Wednesday’s settlement agreement follows the FTC’s action against a similar app called Flo about three years ago. The app, used by more than 100 million women, has received a slap on the wrist for not placing limits on how third-party companies such as Google and Facebook could use the health information of millions of women , leading these companies to use data privacy for targeted online advertisements.
The investigation revealed that the app shared data despite the company repeatedly promising users that their data would be protected and not shared with others.
How to buy your location data?
Smartphones collect a large amount of data about their users, which can be sold to third parties.
This can include location tracking, which records where a person has been with their mobile phone and when – down to individual buildings.
If a user allows an app on their cell phone to track this data, and also allows the sale of this location data, then third parties can buy it for their own use.
Data brokerage companies buy this data from app developers and repackage it for various purposes, such as marketing and advertising, and then resell it to other companies.
But if they can afford it, the data can be bought and then used by everyone, including law enforcement and members of the public.
Vice News reported that it purchased data from SafeGraph that specifically related to people who had visited abortion clinics.
While SafeGraph said it would stop selling location data relating to visitors to family planning clinics, the report raised concerns that other data brokers could also sell such data.