When the U.S. Supreme Court decided to overturn the constitutional right to an abortion, apps that collect private information about users’ reproductive health suddenly became a major concern. Abortions can be penalized by law, which means internet users need to be extra cautious when searching, emailing, or texting about an abortion. It also means data from health apps can be used against them in court.
Considering these risks, some reproductive health apps are changing their policies to better protect user privacy. For example, Flo is experimenting with an "anonymous mode" and Bellabeat started encrypting user data.
However, not every reproductive health app has taken active steps to safeguard its users. Mozilla’s analysis found that 18 out of the 25 reproductive health apps and wearable devices investigated put sensitive user data at risk.
When users are unsure about how safe their sensitive information is online, myths run rampant. With no established rules around how to collect, store, and share user information, each app creates its own policies, leading to confusion and misinformation among users.
To help you separate truth from misinformation, here are the top five myths around reproductive health apps and your privacy, and what experts have to say about each.
Myth #1: If the app is free, it sells my data.
Debunked: Even before the overturning of Roe v. Wade, privacy experts warned that if the app is free, you are the product. In other words, many “free” apps profit from sharing your personal data with advertisers.
While this is true for some apps, not every app generates revenue this way. “Even though the app is free, it still can make money on paid subscriptions, and advertising or selling related products,” says Sylvia Kang, co-founder and CEO of the reproductive health company Mira which encrypts user data.
But this doesn’t mean all paid apps are safe either. Subscription-based apps like Flo and My Calendar Period Tracker have been found to still share user data, so it’s difficult to assume whether an app protects your privacy or not simply based on its price. Regardless of the price tag, you should be wary of apps that may and try to collect your data.
Myth #2: If I delete my apps, it’ll help to protect my data from potential prosecution
Since Roe V. Wade was overturned, several tweets and advice articles have surfaced telling women to delete their period tracker apps, but experts say deleting an app isn’t enough to keep you safe. Just because you delete the app from your phone does not mean the data gets deleted from the company’s records. Even if you close your account, the app still has years of data on you that they may continue to use unless you personally request them to delete it, which can be a complicated step for many users.
Moreover, reproductive health apps aren’t the only source of information used to track who might be getting an abortion. Meta (a.k.a. Facebook) and other “free” services you use daily may give up sensitive information about you if required. “Posting on social media about looking for abortion services, or talking to people through text messages, can all easily reveal your reproductive choices,” says David Ruiz of global cybersecurity firm Malwarebytes.
Myth #3: Reproductive health apps are not private and should not be used.
It can be tempting to shun all reproductive health apps for lacking user privacy, but “privacy is a spectrum,” says Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project. “The level of protections that each user needs will be different depending on their specific circumstances.” Moreover, as the political scenario shifts, apps are likely to continue changing their policies, which will change how much privacy each platform offers.
For example, apps like Bellabeat encrypt your data while others like Flo let you use an anonymous mode. Yet, features like these don’t guarantee full safety. As we’ll see below, anonymous and encrypted data isn’t as foolproof as you’d think. Still, having some protection is better than none.
Myth #4: The anonymized data that apps provide to advertisers is truly anonymous
Using an app in an anonymous mode or letting it share your data anonymously with third parties might seem like decent protection, but is the anonymized data really anonymous?
“Anonymized data shares enough information about an individual — location, browsing habits, and other 'non-identifying' information — that can easily be searched by data brokers to find someone,” says Art Shaikh, founder and CEO of CircleIt, an end-to-end encrypted chatting platform. “The amount of data collected by some of these apps, even excluding names and other 'identifying' information, can be used to find someone just by using a search engine.”
Myth #5: Reproductive health apps are required to follow HIPAA regulations
The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect private medical information. This prevents doctors, hospitals, and other healthcare providers from revealing patients’ medical records. However, HIPPA doesn’t prevent sharing health information about vaccination status and deidentified data (information that doesn’t personally identify you).
Unfortunately, reproductive health apps are not required to follow HIPAA regulations. “HIPAA is essentially only meant to protect communications between a patient and their doctor,” Shaikh says. “As communications and data that you willingly put into an app not associated with a healthcare provider are not considered protected, they are not subject to the same rules, and [the apps] can sell or even give the data away for free.”
Keep your data safe
As laws and policies shift, there’s a chance more myths will spread. There’s no blanket guide we can offer to solve each and every myth in the world, but we urge you to do your research before trusting everything the app promises.
In an ideal world, every app is transparent about its data sharing policies, but right now, it comes down to the users to do their research and keep their data safe.