All of which makes an app’s privacy policies especially important, but when it comes to privacy, these policies can be vague and in flux, according to Andrea Ford, a research fellow at the University of Edinburgh.
“It becomes really muddy when you get into abortion,” Ford says. “If that [were to become] illegal in certain places, does that transcend the right to privacy that is written into the contracts in the way that child trafficking would?”
The Flo app has come under fire for sharing data before.
Last year, the Federal Trade Commission reached a settlement with the popular fertility and period-tracking app amid allegations that it misled users about the disclosure of their personal health data. The settlement followed a 2019 Wall Street Journal investigation that found the app informed Facebook when a user was having their period or if they informed the app that they intended to get pregnant.
Under the settlement, the FTC said Flo must undergo an independent review of its privacy policy and obtain user permissions before sharing personal health information. Flo did not admit any wrongdoing as part of the settlement.
In a statement to NPR, the company said it “firmly believes women’s health data should be held with the utmost privacy and care at all times, which is why we do not share health data with any third party.”
The company added that an external, independent privacy audit completed in March “confirmed there are no gaps or weaknesses in our privacy practices.”
In a statement to NPR, period-tracking app Clue said “any data you track in Clue about pregnancies, pregnancy loss or abortion, is kept private and safe.” As a European company, the company said it is obligated to apply “special protections” to reproductive health data, per European law.
Despite such pledges, Jason Hong, a professor at Carnegie Mellon University’s School of Computer Science, cautions that the data a user inputs into a period-tracking app could reach far beyond the phone or the app they’re using.
“It’s really hard to understand how your data is being used and where it’s being shared because it could be many many third parties, and those third parties can also resell to other third parties,” Hong says. “Your data could actually be all over the network at this point. And it’s really hard to track what’s going on.”
OK, but should I delete the app?
For those second-guessing their period-tracking app, Ford says there’s a risk vs. convenience calculation that’s different for each user. It depends in large part on where you live and what the laws are.
“If I lived in a state where abortion was actively being criminalized, I would not use a period tracker—that’s for sure,” she says.
But for those who choose to log their data online, there might be some options that aren’t as risky. Ford says that apps built with a nonprofit model could offer more privacy.
Hong says paid apps could be better because they’re less likely to track users, since they don’t need to collect advertising data. Hong also advised users to read Apple’s privacy nutrition labels, which are designed to show users how their data is used in simpler terms.
Apps that store data locally are also preferable, Greer explained, because when data is stored locally, the user owns it—not the company.
If police are interested in data stored on a user’s device, they would need a warrant, which has a “much higher legal bar” than a subpoena, Greer says. But if the data is in the cloud and owned by a company, a subpoena would be necessary to access the data.
Ford says the most secure option might just be the most old-fashioned: tracking your cycle on paper.