As the nation awaits the fate of Roe v. Wade, some privacy experts are concerned about how your personal health data is stored online and even shared without your knowledge.
This threat isn’t new but there’s renewed discussion around privacy on health apps with abortion laws potentially changing nationwide.
For women’s health, Flo is a popular one used to track periods and pregnancies, but this information isn’t just personal, it’s intimate.
“It really is some of the most private and sensitive information and some of these apps may be sharing it in ways you don’t expect,” said Alexandra Givens, President and CEO for the Center for Democracy & Technology.
With the potential of Roe v. Wade being overturned, Givens said there’s growing concern that your personal health data in states where abortion services maybe criminalized. She said that information could be obtained by law enforcement or bought from data brokers.
“All of that puts a much higher premium on the privacy and security of your data and the need for people to be able to protect themselves,” said Givens.
This isn’t the first-time health apps have come under fire for sharing personal information. Last year, Flo settled with Federal Trade Commission over allegations of disclosing personal health data from millions of users for marketing.
According to the complaint, the FTC reports “Flo disclosed sensitive health information, such as the fact of a user’s pregnancy, to third parties in the form of ‘app events,’ which is app data transferred to third parties for various reasons.” Flo didn’t admit to any wrongdoing.
“I think that case was a real wake up call for how information can be shared and sold without user’s knowledge,” said Givens.
In a statement to the Washington News Bureau, Flo said it completed an external, independent privacy audit in March. In that same comment, the company said “Flo will never require a user to log an abortion or offer details that they feel should be kept private. Should a user express concern about data submitted, Flo’s customer support team will delete all historical data which will completely remove all data from Flo’s servers.”
Some experts say this concern goes beyond health apps and includes any information you share from using Google maps to shopping online.
On Capitol Hill, the Electronic Frontier Foundation is pushing for a comprehensive consumer federal privacy law with strong enforcement to regulate companies and to protect your sensitive information.
“There has to be a private right of action in the bill. You can write the strongest possible privacy legislation but if you limit enforcement to the FTC or to state attorneys general that bill is not going to be enforced in the same way - if individual consumers could bring a lawsuit class, action lawsuit, individual lawsuit against these major companies,” said India McKinney, Director of Federal Affairs at Electronic Frontier Foundation.
McKinney said this legislation should also allow states to add protections.
“We want the federal privacy law to be a floor of protection, and then have states be able to do things on top of that,” she said.
McKinney said they also believe you shouldn’t have to pay for privacy protections.
“You don’t allow your data to be sold, we’re not going to give you this service, or we’re going to give you 20 bucks, if you let us aggregate and sell your data somewhere else. Whatever you want to call those two things - that needs to not exist either,” said McKinney.
Privacy experts say apps that are created by healthcare providers are covered by health privacy laws.
The Electronic Frontier Foundation also offers information about ways to protect your data. You can find that information here: https://www.eff.org/pages/tools
Below is the full statement from Flo:
Flo firmly believes women’s health data should be held with the utmost privacy and care, which is why Flo does not share personal health data with any third party. In March 2022, Flo completed an external, independent privacy audit which confirmed Flo’s own practices are consistent with its publicly stated privacy policy.
Beyond this, the independent audit specified, “From both a governance and operational perspective, Flo was able to demonstrate a commitment to the privacy and security of its users’ data and has devoted appropriate resources and personnel to ensuring it maintains those commitments.”
Flo will never require a user to log an abortion or offer details that they feel should be kept private. Should a user express concern about data submitted, Flo’s customer support team will delete all historical data which will completely remove all data from Flo’s servers.