As if infertility issues weren’t stressful enough, now women have to worry about their helpful fertility apps sharing data without their knowledge or permission. Premom, a popular fertility app available on multiple platforms, was just accused by nonprofit watchdog group the International Digital Accountability Council (IDAC) of collecting and sharing its user data with three Chinese companies.
On August 6, the IDAC sent letters to the Federal Trade Commission, the Illinois district attorney (the state in which Premom is based), and Google alerting them to the irregular data sharing. It’s alleging that Premom engaged in deceptive practices and may have violated federal law. IDAC identified the Chinese companies as Jiguang, UMSNS, and Umeng.
Premom had conflicting disclosures presented to its users, and users had no way of knowing their data was shared, nor any way to opt out of the sharing.
“We cannot say with certainty whether Premom was aware of the extent of the data collection done by these third-parties,” IDAC President Quentin Palfrey tells Parentology. “However, Premom was aware that these specific third-parties were used in their app because Premom’s developers had to actively embed these third-parties’ software development kits (i.e., bits of code) into the app.”
Premom has since updated its website and in-app policies to be consistent with one another, and it has revoked Chinese company Jiguang’s access. But, many users haven’t updated the app yet, and IDAC researchers fear they might still be sharing data.
Ironically, Premom was named one of 50 Most Trusted Companies of 2020 by the Silicon Review. Parentology contacted Premom for comment, but it did not respond.
The Type of Data Shared and Stored Matters
Premom clients unknowingly shared the sort of data that’s used for marketing purposes. That’s different from health data, but still has consequences.
“Our technical tests did not reveal any health data being shared to third-parties. The information that we observed being shared (location data and non-resettable identifiers) raise privacy concerns around Premom’s (and third parties that receive this data) ability to track users over long periods of time and across various apps on their devices,” Palfrey explains.
Location data basically tracks where you go, what your preferences are, and even what hobbies you might have. “Premom and other companies can use this location data, in combination with other data, to infer who their users are and create unique user profiles for targeted advertising and monetization purposes,” Palfrey says.
Just because the health data wasn’t shared doesn’t mean it’s safe from prying eyes, though. There’s an assumption that health data is private and protected under HIPAA, but that’s not the case when it comes to these apps. Women have discovered this while using period tracking apps, and there’s no reason why fertility apps should be any different. Without federal protections firmly in place, there’s always potential for a huge privacy breach.
For instance, Consumer Reports’ Digital Lab found in a recent examination of five popular period tracking apps—BabyCenter, Clue, Flo, My Calendar, and Ovia—that consumers’ information was shared in some way with third parties for marketing and other purposes.
“Consumer trust is at the crux of this issue, particularly in the USA where we do not yet have a federal privacy law in place,” Palfrey says. “Companies are becoming increasingly aware that consumers are taking privacy seriously, and there has been a shift in consumers’ mindset about who they share their personal data with. Additionally, as more privacy laws and regulations (e.g., CCPA and GDPR) emerge, it will become more difficult for companies to avoid disclosing their practices.”
How Can You Protect Yourself?
A fertility app like Premom is very helpful in tracking cycles and ovulation, and users can even seamlessly pass this information on to their doctor. But, hidden data sharing is the cost of such convenience. Consumers can’t depend upon watchdog groups like IDAC to do the research and prosecute; they must be proactive.
Reading an app’s privacy policy very carefully is a good first step; don’t commit until you understand exactly what they collect and how they protect it. “Although the privacy policy may not be accurate, as demonstrated with our Premom findings, it should provide a general overview of what information the app collects and shares,” Palfrey notes.
Another way to protect yourself? Don’t use Premom at the present time.
“Unfortunately, without having the tools to verify the app is collecting only what it discloses that it is, it’s difficult to really know. We recommend using more established apps and removing the app from your phone when it is no longer needed,” Palfrey suggests.