Apps raise privacy concerns

Menstruation monitoring apps are among the latest innovations in ‘FemTech’, but Flinders University law experts Professor Tania Leiman and Lydia Chia warn that the legal implications of who can access this highly personal data from ovulation apps and how it can be used are not clearly understood. 

“As we use apps to monitor more and more about how our bodies function, we need to think carefully about where that data is going and what the unintended consequences – both legal and otherwise – of generating that data might be,” says Professor Leiman, Dean of Law in the College of Business, Government and Law at Flinders University.

“People who menstruate should understand the bargain they are making; is convenience worth giving up your most intimate privacy and data security?”

Photo: Pixabay

Period trackers or ovulation apps monitor menstrual cycles to provide insights into fertility windows and period symptoms, identifying patterns unique to an individual user’s cycle.

Predictions of ovulation days or when the next period will occur is based on data collected from the user, ranging from mood changes and frequency of cramps to sexual habits and basal body temperature.  

Growing popularity of these tools has even seen leading health apps, such as Fitbit and Garmin, incorporate period tracking as an additional feature to its other fitness tracking services, while Apple’s CycleTracker is a standard feature in the Health App on iPhones. 

However, while app users consent to privacy policies that contain varying levels of data and privacy protection, standards regulating data processing, sharing and storage of personal information differ depending on the location in which an ovulation app’s company is domiciled.  

Stringent data processing and third-party sharing laws under the General Data Protection Regulation (GDPR) apply to apps based in the EU, but many jurisdictions outside the EU do not apply the same rigorous standards. 

In Australia, data gathered by ovulation apps fall within the protections for ‘personal’, ‘sensitive’ and ‘health information’ in the Privacy Act, although it’s not clear whether it could be also regarded as ‘biometric information’ or a ‘biometric template’.  

Professor Tania Leiman,
Dean of Law, College of Business, Government and Law

Professor Leiman says issues such as data storage location and de-identification of data or anonymity of information altogether in third-party sharing must be considered in more detail – especially given recent instances of data collected from ovulation apps being shared with insurance companies and employers. 

“In the US, some companies have made data collected from ovulation apps available to employers – enabling them to track intimate details of an employee’s pregnancy,” says Professor Leiman. 

“If data collected from ovulation apps are routinely shared with third parties such as insurance companies, does this allow health insurance premiums to be priced taking account various factors including an individual’s medical history, location and demographics.” 

Professor Leiman says that legal complexities attached to the use of ovulation apps mean that we must think very carefully about the impacts that may have, and what happens to the data generated. 

“While use of ovulation apps may promise many potential benefits, much greater discussion about the legal ramifications is required,” says Professor Leiman, “especially where competing values – including safety, productivity, and privacy – and negotiating power between individuals and corporate data users are not equitably balanced.” 

The full article – “Surveiling our bodies? FemTech and the Legal Ramifications of using Ovulation Apps”, by Tania Leiman and Lydia Chia – has been published in The Bulletin: Law Society of South Australian Journal, May 2023 edition.  

Posted in
College of Business Government and Law