Menstruation apps store excessive information, privacy charity says

Exclusive: Privacy International finds apps collect information on birth control habits or how hard it is for women to reach orgasm

Menstruation apps are unnecessarily storing personal data such as what medication women are on, their birth control habits and how hard women find it to reach orgasm, privacy campaigners have said.

A study of five leading apps by Privacy International, a UK-based charity, found that companies held intimate information on users including answers to questions about when they have yeast infections and how often they have sex or see a gynaecologist.

The use of menstruation apps has risen in recent years, with increasing numbers of women using them to record their cycle and to help them get pregnant.

Privacy international are arguing that registration should be optional on these apps, and should not require an email address. They want data to be stored on the phone, adding that only information strictly required to provide information related to the menstrual cycle should be collected.

It follows research from the charity last year that found that some apps have been sharing their users’ private information with Facebook.

Their latest research has been described by legal experts, a former minister and a period poverty charity as “very disturbing”.

Eva Blum-Dumontet, a senior researcher at Privacy International, who used five apps and then asked what information was held about her using a data subject access request, said reading the findings was “chilling” and “it makes us realise just how much data those apps actually collect, store and sometimes share with others.”

She added that it’s easy to think that data disappears into the ether when we are constantly asked to share more “and this is why requesting our data from the apps we use is a good exercise.”

Ravi Naik, legal director the data rights agency AWO, said the revelations were concerning, adding that transparency was vital for these apps.

The research found Flo, a period tracker and pregnancy app, keeps data on what users write in their “notes” section. They stored the answers to a range of questions including how hard it is for women to orgasm. Another section of the app lets users write what medication they are taking which is also accessible to the platform.

Flo shares data with a number of outside companies, which they say is to improve how the app works.

A spokesperson from Flo said: “As with nearly any app, Flo utilises third-party service providers to better understand the usage of its product so it can improve user experience and ensure the accuracy of the app’s insights which our users rely on. To be clear, Flo never sells user data or shares sensitive user data with third parties for advertising or any other use beyond helping improve the functionality of the app.”

Clue, an app produced by Biowink, had potential access to users’ birthdays, if the birth control section had been filled, and if Fitbit was enabled. Every time a user interacts with the app, the information is collected and stored and tied to a device ID and location. The company shares data with a number of external parties.

A Clue spokesperson said it has never sold or would sell data. They said they stored user data safely. It also helped fix bugs. They added that data helps them carry out research with academic universities and other organisations, noting that in that instance all datasets are de-identified before being shared.

A spokesperson for the Information Commissioner’s Office, UK’s data protection watchdog, said: “Under data protection law, organisations have to ensure that their processing is fair, lawful and transparent and that appropriate security is in place. In addition, special category data – such as health information – requires greater protection because of its sensitivity.”


Sarah Marsh

The GuardianTramp

Related Content

Article image
UK data watchdog to review period and fertility apps amid security concerns
Move announced after ICO research found half of women using the tracking apps had concerns over how their data was being used

Hibaq Farah

07, Sep, 2023 @4:27 PM

Article image
Information Commissioner's Office 'let down' over illegal snooping

Tougher sentences urged for hacking and subterfuge as police defend handling of News of the World case

Caroline Davies and James Robinson

02, Sep, 2009 @10:46 PM

Article image
TikTok could face £27m fine for failing to protect children’s privacy
Investigation finds video-sharing app may have breached UK data protection law between 2018 and 2020

Mark Sweney

26, Sep, 2022 @2:28 PM

Article image
Department for Education’s handling of pupil data ruled illegal
Data watchdog finds ministry broke GDPR by mishandling national database for England

Richard Adams Education editor

07, Oct, 2020 @4:59 PM

Article image
Cabinet Office fined £500,000 over New Year honours list data breach
Regulator says safety of hundreds of individuals was jeopardised after their addresses were posted online

Dan Milmo Technology editor

02, Dec, 2021 @12:46 PM

Article image
Customer data used for unwanted romantic contact, UK poll shows
Almost one in three people aged 18-34 have been messaged by staff after giving personal details to a business

Hibaq Farah

21, Aug, 2023 @11:01 PM

Article image
Information commissioner defends lack of journalist privacy prosecutions

Going after more than 300 journalists after Operation Motorman report would not have been good regulation, says Christopher Graham. By Stephen Brook

Stephen Brook

02, Sep, 2009 @2:08 PM

Article image
Royal Free breached UK data law in 1.6m patient deal with Google's DeepMind
Information Commissioner’s Office rules record transfer from London hospital to AI company failed to comply with Data Protection Act

Alex Hern

03, Jul, 2017 @2:01 PM

Article image
FaceApp row: UK watchdog monitoring privacy concerns
Information Commissioner’s Office says people should check how apps use their data

Jedidajah Otte

18, Jul, 2019 @12:35 PM

Article image
Privacy is at risk owing to basic security failures, warns information regulator
Organisations are told that missed software updates and poor password management lead to same breaches being repeated, writes Tom Brewster

Tom Brewster

12, May, 2014 @3:37 PM