This article was published on March 8, 2024

Health apps and devices are putting women's privacy at risk

It’s hard to imagine more intimate data than that collected by female technologies or “femtech.” These apps and devices not only monitor women’s menstrual cycles but also record their sexual encounters, orgasms, and pregnancies.

A new study shows that many femtech companies do not adequately safeguard such sensitive information. Some may even intentionally leak personal data to third parties.

The research, led by Dr Maryam Mehrnezhad at the Royal Holloway University in London, is part of a four-year investigation into cybersecurity , privacy, trust, and bias issues in the femtech sector.

Under the study, the team examined popular fertility apps, smart breast pumps, fertility trackers (such as bracelets and rings), kegel trainers, and sex toys. The team found a range of “inappropriate” security and privacy practices — many do not present valid consent, do not give extra protection to sensitive data, and track users.

Mehrnezhad told TNW that companies who compromise the data privacy of their users in this way “ may do it unintentionally” or as a “deliberate attempt for commercial purposes.”

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

In 2021, period-tracking app Flo settled a class action lawsuit over allegations it shared users’ health data with Facebook. The judge found Flo guilty of informing Facebook of in-app activity — such as when a user was having their period. The social media platform would then use this information to display targeted ads.

One 2022 study found that 84% of period tracker apps share data with third parties. While most of this information is sold for commercial gain, sensitive health data could be used for more nefarious means.

“We have identified multiple threat actors interested in fertility and sex information,” said Mehrnezhad. These could be cyber-criminals, insurance companies, or even your employer.

Currently, femtech sits in a legal grey area. These devices and apps are not considered “medical,” so they fall outside the purview of healthcare regulations. However, there are no specific laws in the EU or UK covering them either.

The closest bet are two sets of regulations within the EU’s sweeping data privacy law, the GDPR, which deal with general data protection and medical and health regulation.

“However, as shown in our work, alone or combined they fail to protect the user from malicious practices,” explains Mehrnezhad.

The researchers recommend stronger regulations and more industry oversight, including setting up entities to guide femtech developers toward best practice and ethical decision making. Currently nothing like this exists.

“We believe that the medical and health space is in need of domain-specific and sectoral regulations with attention to the needs of marginalised user groups such as women and those with physical and mental ability limitations,” said Mehrnezhad.

Historically, women’s health has taken a back seat to men’s — leaving a persistent gender gap in data, research, and law. Some 70% of femtech founders are women, many of whom developed their products to improve access to accurate health insights.

While research shows that more ac countability and regulation is needed, Mehrnezhad stresses that providing users with secure, private, and safe femtech products should be the ultimate goal for all parties.

“We hope to see better collaborative efforts acros s the stakeholders to enable citizens to use femtech solutions to improve the quality of their lives without any risk and fear,” she said.

The good news is that some efforts in policymaking are afoot that could address the issue, including the creation of a European Health Data Space , that supports individuals to take control of their own health data.

For now, Mehrnezhad recommends that users of femtech apps and devices should pay special attention to privacy policies, opt-out of data tracking and unnecessary permissions, and uninstall all apps they are not regularly engaging with.

Siôn is a freelance science and technology reporter, specialising in climate and energy. From nuclear fusion breakthroughs to electric vehic (show all) Siôn is a freelance science and technology reporter, specialising in climate and energy. From nuclear fusion breakthroughs to electric vehicles, he's happiest sourcing a scoop, investigating the impact of emerging technologies, and even putting them to the test. He has five years of journalism experience and holds a dual degree in media and environmental science from the University of Cape Town, South Africa. When he's not writing, you can probably find Siôn out hiking, surfing, playing the drums or catering to his moderate caffeine addiction. You can contact him at: sion.geschwindt [at] protonmail [dot] com