When she was trying to get pregnant in late 2019, Alexandra M., 34, an editor in New York City, used femtech app Clue to track her menstrual cycle. After a positive test, she downloaded the pregnancy app the Bump. Only the app and her husband knew she was expecting, but later while scrolling through Instagram, she was deluged with Buy Buy Baby ads. She wondered: Just how does it know?
The platforms Alexandra used are just some of the 1,000-plus period or pregnancy trackers downloaded by millions of women worldwide. Many may assume that since these apps handle sensitive medical information, their intel is safeguarded. Untrue. Only info shared with a health-care provider or a health plan is protected by the Health Insurance Portability and Accountability Act (HIPAA). “Everything I put into my period-tracking app is fair game to be sold,” says Michelle Richardson, director of the Privacy & Data Project at the Center for Democracy & Technology. And marketers and insurance companies are paying big money to use it.
Lori Andrews, a professor at Chicago-Kent College of Law, has the research to prove that: Her team set up a tracking device to monitor 600 medical apps (some collecting period data) and discovered that the majority sent identifiable info (like a user’s prescriptions) to both the app developer and marketing companies. Plus, a report from the Norwegian government that evaluated 10 apps, including Clue, said that all share user data with advertisers and marketers; a Consumer Reports Digital Lab investigation found that four additional femtech apps did the same. (A spokesperson for Clue said that the app shares "usage data" with marketers, but it "doesn’t share personal and sensitive health data with advertisers or marketers.") According to Eva Blum-Dumontet, a senior researcher for the NGO Privacy International (PI), some apps ask invasive questions solely to gain information they can monetize. “They ask about your sex life,” she says. “One asked questions about masturbation.” Out of 36 menstruation apps tested by PI in 2018, 61 percent transferred data to Facebook—whether or not the user had an account—likely for targeted ads. Annoying, yes, and perhaps problematic: If you share a device with people, pop-ups can spill a pregnancy secret; maybe, explains Andrews, you don’t want them to see an ad for an abortion doctor.
It gets more insidious when you realize the info could make its way to your workplace. Some companies require or encourage employees to use health apps, offering a cash rebate or lower insurance premiums. Though apps may claim the info that is shared is not attached to a name (“de-identified”), it’s easy for companies to reunite users with their de-identified data. And it happens: In 2019, it was revealed that pregnancy app Ovia was sharing de-identified info with employers. “There are real possibilities women could get fired because they’ve disclosed [to an app] they were trying to conceive,” Andrews says.
Though creeped out, Alexandra didn’t stop using the apps; as she points out, they can be helpful. The trade-off may be worth it—a personal decision consumers have the right to make. But proceed with caution: It’s impossible to know what intimate information is up for sale.
This article has been updated to include a statement from a Clue spokesperson.
This story originally appeared in the Fall 2020 issue of Marie Claire.