Thu. Nov 14th, 2024

Elizabeth Ha created the privacy-minded menstrual tracking app Monthly last year, after failing to find an option that felt safe enough to her following the Dobbs decision. (Courtesy of Elizabeth Ha)

After the Supreme Court overturned the constitutional right to abortion in 2022 and abortion was banned in the state of Tennessee, Dr. Danielle Kelvas quit using an app that tracked her menstrual cycle.

“It frightened me … I actually got frightened because it tracked me for like, a week,” Kelvas said of the Oura Ring feature Cycle Insights. “And I thought, where’s this information going?”

Immediately following the Dobbs V. Jackson Supreme Court decision which struck down the constitutional right to abortion, data privacy experts cautioned to take a closer look at menstrual cycle tracking apps. Information logged into these apps, or tracked via wearable devices like a Fitbit or an Oura Ring, have the potential to be used in prosecuting those who seek abortions in states which criminalize it.

Kelvas, a former emergency room physician, is a big fan of her Oura Ring. She researched the device — which gives insight to users about their biometric data like heart rate and sleep quality — thoroughly before buying it.

When the company rolled out its menstrual tracking feature, called Cycle Insights, she was excited to try it. But when she started reading more into the terms of agreement, she couldn’t find clear cut information about how the data was stored, how secure it was, or if it was encrypted.

States Newsroom reached out to Oura for clarification on its privacy policy for Cycle Insights, but the request for comment was not returned.

Kelvas, 34, lives in Chattanooga, Tennessee, where abortion is banned, with only the exception of preventing death for the expectant person. The law, a trigger ban that went into effect in August 2022, also makes obtaining or performing an abortion a criminal offense.

“So I deleted it,” Kelvas said of the app.

Opal Pandya is in the same boat. The 25-year old Philadelphian deleted the app Flo, after reading case studies about data releases to external third parties. She also took note when she started suddenly getting targeted ads on Instagram for products that would help soothe period symptoms she’d just logged in Flo.

“I realized my data was flowing across multiple platforms,” she said.

She didn’t feel comfortable with that, and didn’t have the time to figure out who had access to that data. The final straw was learning that third-party data could be available to states in prosecuting abortions banned under their laws.

Pandya also opted out of her Apple Watch’s cycle tracking after trying it for a while, and has stopped wearing it to bed, as it tracks ovulation cycles via temperature at night while sleeping.

Healthcare privacy has always been something Pandya’s been wary of, she said, and while there’s benefits of tracking menstrual information, the Dobbs decision showed her there could be “serious consequences” of that data being vulnerable.

“I have always been sensitive about my health information and understand there’s a strong distrust of the medical system as a whole,” Pandya said. “And overturning Roe v. Wade did nothing but solidify and spread that distrust, especially among minority women.”

Dr. Danielle Kelvas is an Oura Ring user, but opted out of the device’s menstrual tracking feature because she couldn’t verify its privacy policies. “I thought, where’s this information going?” (Courtesy of Danielle Kelvas)

Kelvas, who now owns a medical writing service and is a consultant for software company IT Medical, is acutely aware of those delicacies of navigating menstrual tracking.

As a physician, she said she can’t emphasize enough how important it is that people have access to cycle tracking. It’s one of the few tools people have to be in more control of family planning and their reproductive health, as some states attack access to birth control.

But her experience in healthcare IT has highlighted how easy it is for sensitive data to go unprotected. Many people think all healthcare information is protected under the federal privacy law, known as HIPAA. But menstrual cycle tracking apps, along with other healthcare technologies, like texting platforms that patients can use with doctors, are not.

In highly restrictive states, Kelvas said it’s challenging to navigate your reproductive rights — “It doesn’t really matter what we do, we’re always in trouble,” she said.

“For a lot of women, suddenly becoming pregnant means that they are illegal,” Kelvas said. “And what do you do after that? You know, for a lot of people, the reality is that they just don’t own their uterus anymore.”

What data is up for grabs?

There haven’t been any cases where a menstrual tracking app’s data has been subpoenaed yet, but that’s probably due to the slow speed of which cases proceed through the court system, said Jake Laperruque, deputy director of the Center for Democracy and Technology’s Security and Surveillance Project. There have been few cases of electronic data of any form being subpoenaed yet, but via their terms and conditions, many companies leave themselves vulnerable to having to hand data over to prosecutors or courts.

Laperruque warned that the data that could be used to prosecute abortion cases could be more far-reaching than just what’s logged in a period tracking app.

“There are a lot of really innocuous seeming data in healthcare — location information, communications, metadata patterns and even information you don’t know you’re generating,”

Laperruque said.

If social media apps have access to your location, for example, prosecutors could timestamp your visit at an abortion provider’s office through the location data of any number of apps.

“Data collected by apps, wearables, could potentially now be used by law enforcement or even private individuals, seeking to sue or target people for exercising reproductive choice and seeking out information or care around abortion,” he said.

Digital footprints have been used in prosecuting reproductive cases even before the Dobbs decision.

In 2018, a woman in Mississippi was charged with second-degree murder after she gave birth to a stillborn baby at home. Part of the prosecution’s case noted that she had researched how to terminate a pregnancy in the past.

Last year, a teenager in Nebraska was convicted for terminating a pregnancy after prosecutors subpoenaed Facebook messages between her and her mother.

How to assess data privacy

For now, most of the responsibility to protect a user’s data falls on the user themselves, said Andrew Crawford, a healthcare privacy-focused senior counsel with the Center for Democracy and Technology.

“It really is incumbent on users to do their homework,” Crawford said. “And unfortunately, sometimes that means reading really dense privacy policies and looking for keywords.”

The terms and conditions of an app or a wearable device need to spell out what data it’s collecting, what it does with that data and who else may have access. An app may automatically seek access to things like your contacts, your geolocation, or photos, but you may not have to give it those full permissions. Period tracking apps often share information with data brokers, advertisers or third parties that are hard to track.

Users should also pay attention to how an app treats the data it gets. A keyword to look for is “encryption,” or data that’s changed into a secret code that can only be unlocked with a unique digital key.

Data that’s stored locally on your device also tends to be safer than data that’s stored in a cloud, Crawford said. It would be a lot harder for law enforcement to access encrypted data stored only on your device rather than if they can subpoena a company for it.

There’s always risk as long as data is logged somewhere, Laperruque said.

“But police are only going to be able to search your phone if they hand you a warrant and seize the phone,” he said.

Most wearable devices that collect biometric data have some encryption aspect. Apple’s privacy policy says that when your device is locked, all your health and fitness data that’s on the device and synced to iCloud is encrypted.

“This means that when you use the Cycle Tracking feature and have enabled two-factor authentication, your health data synced to iCloud is encrypted end-to-end and Apple does not have the key to decrypt the data and therefore cannot read it,” the company said.

Fitbit and Oura Ring say they use encryption measures, too. All three companies say that they have to comply with subpoena requests by law enforcement agencies.

The cost of your data

App developer Elizabeth Ha, 27, of Los Angeles, built cycle tracking app Monthly in response to the Dobbs v. Jackson decision. All of the health data inputted into the app is stored privately on your device, and doesn’t enter a database. You can delete your app (and subsequently, your data) at any time, and Monthly does not make your data available to anyone but the user.

Ha had been a long-time user of one period tracker app, but the Dobbs decision and the attention that data privacy was getting at the time, forced her to take a harder look at where she was logging her information.

“Once your data gets sent to these data warehouses, it’s like a little bit of a black box,” she said.

She feels pretty secure about her reproductive rights in California, but you never know what’s going to happen or who else might need a more secure option, she said of Monthly, which released on the app store late last year.

The field of mobile apps is so new, developing in the last decade or so, she said, and it evolves so quickly. The reason so many period trackers are free is that they’re built by larger companies that can collect and sell your data, Ha said.

“For them to be a business, a lot of the business is selling the data,” she said.

Many Americans are waiting for a comprehensive, federal data privacy overhaul. The American Privacy Rights Act was proposed in congress in May, which would require covered entities to be transparent about how they use consumer data and give consumers the right to access, correct, delete, and export their data, as well as opt out of targeted advertising and data transfers.

It would also mandate that a covered entity could not collect or transfer to a third party biometric data “without the individual’s affirmative express consent.”

For now, those who wish to keep data related to their reproductive health safe, should be vigilant about the terms and conditions of the devices and the platforms they use.

“It just kind of speaks to the importance of both the surveillance and consumer data side of upgrading the laws,” Laperruque said. “We have to be more protective.”

GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX

By