Mobile apps are a daily part of our lives. But is a user’s personal data safe? Or is it shared without their knowledge?
Citing reports that this data is often shared without user consent, Sen. Bob Menendez and Reps. Bonnie Watson Coleman and Mikie Sherrill requested that Apple, Samsung and Google take action on menstruation and fertility apps. They are asking that any of these apps that share a user’s private health data with third parties without obtaining explicit consent prior to use be removed from app stores.
“When consumers use menstruation-tracking or fertility-tracking apps they trust some of the most intimate parts of their lives with that app,” the lawmakers wrote in separate letters to Matt Fischer, Vice President of Apple’s App Store; Purnima Kochikar, Director of Google Play, Apps, & Games; and YH Eom, President and CEO of Samsung Electronics America. “This is a serious invasion of privacy.”
Wide Usage
Approximately 100 million women worldwide use menstruation-tracking and fertility-tracking apps. Users routinely input information on their menstrual cycle, mood, weight, birth control usage, results of ovulation tests and sexual activity.
“Some apps prompt users to share how often they smoke, drink coffee, or use tampons. According to the [Privacy International] study, 61% of menstruation apps tested automatically transferred data to Facebook ‘the moment the user opens the app,’” the lawmakers added.
Privacy Protection
In the letter, the lawmakers request information about the security of user information in the apps as well as the data that is directly collected from app developers.
“A number of troubling reports show that the sensitive data collected by these apps are shared with third parties, often without the user’s knowledge or consent. We do not believe the traditional end-user agreements are sufficient for individual’s health information data,” wrote the lawmakers.
Additionally, they cited Privacy International’s report, which found that Facebook’s Software Development Kit (SDK) facilitates the sharing of users’ private information without their explicit consent. An SDK helps app developers incorporate particular features and collect user data.
“Facebook in turn ‘uses customer data from its SDK, combined with other data it collects, to personalize ads and content’,” wrote the lawmakers. “In other words, Facebook (and other third parties that use similar SDKs) monetizes sensitive data regarding women’s reproductive health.”
Long-term Concerns
The lawmakers cited reports that these apps have been sharing data for more than seven years. In 2016, the Washington Post reported that a Consumer Reports study found that users of the period-tracking app Glow could link their account with another person in order to share information.
“Most troubling, was the finding that anyone who knew a user’s email address could start getting that data without the user’s explicit permission. That means practically anyone, including stalkers or abusive exes, could have found a window into the intimate data the app tracked,” they wrote.
They urged Apple, Samsung and Google to get out in front of these issues; otherwise, it shows “either a glaring disregard for privacy concerns or gross incompetence.”
Want Answers
The lawmakers want women to be able to make informed choices about their reproductive health and data, including how this data is shared. They have asked that the following questions be answered:
- What, if any, privacy standards must an app meet before you approve the app for download on your platform? Please provide a detailed description of those standards.
- What data sharing notices do you require menstruation-tracking, fertility-tracking, and health care-related apps to provide to users?
- What, if any, protocols do you have in place to respond to data breaches of menstruation-tracking, fertility-tracking, and health care-related apps available on your platform?
- Given the rise of data breaches and the sharing of personal information from apps available on your platform, what proactive steps will you be taking to offer users better control over their privacy?