Explainers

The Dark Side of Data Sharing In The Femtech Industry

Pinterest LinkedIn Tumblr

The rise of the femtech industry in 2016 saw women’s health being taken more seriously on an economic, social and even political scale. Already estimated to be worth around USD$22 billion, the industry is expected to grow to USD$60 billion in the next five years. On the surface, you may think we should all be cheering on the femtech revolution for advancing research into women’s health… But diving deeper, it’s clear not all parts of femtech is for the benefit of users.

Almost immediately after the U.S Supreme Court decided to overturn the 1973 Roe v Wade decision, calls to delete period-tracking apps went viral. U.S-based users were understandably concerned that the data collected by the apps could be used to incriminate them. While Australian period-tracking app users do not face the same immediate concerns, it’s still worth examining why there is little to no regulation on data-sharing for these apps and the sensitive health information that powers the femtech revolution.

What is the femtech industry?

‘Femtech’ was coined by Ida Tin, co-founder and CEO of period-tracking app Clue. She came up with the term as a way to legitimise the female health technology market, drive investment and normalise conversations about women’s health. Now, femtech encompasses a range of solutions and businesses all aiming to improve health for women across categories including: menstrual health, fertility, menopause, maternal health and sexual health.

Data is the business model

With the good comes the bad, and unfortunately some within the femtech industry are using the guise of feminism to collect and share sensitive data to third parties. Period or menstrual-tracking apps is just one example of how this might be done. They are marketed as a tool for the individual to be empowered by being able to see and understand their own sensitive health information. In reality, the apps are built on a one-size-fits all model which involves not only collecting but sharing users’ data.

Many period-tracking apps have failed to meet basic data privacy standards. Earlier this year, a review published in the Journal of Medical Internet Research analysed the data security of the 23 most downloaded and highest-rated femtech apps (more than half were cycle tracking or pregnancy-related). It found that:

  • 85% (20) of these apps shared data with third parties;
  • 69% (16) displayed a privacy policy, and;
  • Only 52% (12) requested consent from users.

Women’s Health Tasmania put it aptly in a 2019 blog post: “Even if you’re just tracking your period to establish patterns for yourself, you’ll never be the only person to see your data”.

How are femtech apps sharing our data?

The way some period-tracking apps use our health information is not aligned with claims of ’empowerment’. For example, if an app knows you are tracking your cycle to get pregnant, you might find advertisements within the app are all pregnancy or fertility related. And vice versa, if you’re trying to prevent pregnancy.

The way these apps can get away with sharing your data is through a concept called ‘implied consent’. Dr Anna Bunn, Associate Investigator at the ARC Centre of Excellence for the Digital Child, explains that Australian laws are finicky on this topic. “From a legal point of view, you are giving your consent when you join, when you sign in and when you create an account. Even if you’ve never read the privacy policy, when you tick the box saying you’ve read the privacy policy… you’re really consenting to those uses or potential uses.” 

Australia’s data privacy laws are governed by the Office of the Australian Information Commissioner. As per their rules, consent should be informed… but can also be implied. When it comes to period-tracking apps, Bunn says: “If they’re asking you when’s your last period, what’s your height, what’s your weight… by giving them that information you’re consenting to them collecting it.”

“The question is what can they use it for? That comes down to what is in the privacy policy”. So, do you remember the last time you read a privacy policy?

On top of all this, it’s important to keep in mind laws and privacy policies only apply to these apps functioning as intended. Even a health app with the best privacy practices can be hacked, compromising your data anyway. Some of the biggest, richest tech companies in the world have had user data hacked, stolen and (usually) sold – femtech and health apps are at constant risk of cybersecurity breaches too.

How can we protect our health privacy? 

The simple solution: Read every single privacy policy, or stop using these apps. But for those of us who know we just won’t do that (most of us), Bunn has more feasible solutions.

“Don’t give permission to the period-tracking app to get information from other apps, say Google Fit.” This restricts each app to only using (and perhaps, selling) the data you directly provide it. Bunn also warns against any health tracking apps that ask you to sign in: “Generally what that means is there’s going to be sharing of data between platforms.” Ultimately, if users continue to use these apps there is no guarantee data will stay private – if you can, use apps that don’t require sign-in.

To address these serious data concerns since the overturning of Roe v Wade, some apps like Flo have launched an anonymous mode and promised to “never share or sell user data and only collects data when we have a legal basis to do so and when our users have given their informed consent.” Clue similarly released a statement letting users know because they are European based, users’ data will be protected under European law.

While these are positive steps, the only way to be sure your sensitive health data is protected is by going back to the old pen-and-paper methods.

Femtech needs to do better

Of course, femtech is not the only industry susceptible to these privacy breaches and hacks – these same concerns apply across all digital health innovations, and tech in general. Other health apps have also come under fire for sharing users’ data with third parties, and a 2021 study found 88% of health apps on the Google Play Store were using tracking identifies and cookies to track user activities. TikTok recently admitted their staff in China are able to access Australian user data, despite previous assurances that this data was ‘safe’.

The reality is that any app you have on your phone right now may very well be sharing your data with third parties – it is unfortunately a risk we take every day.

The difference comes from the stated purpose of femtech as a sector. The way some companies are using data collected under the guise of feminism makes it feel even ickier. When these apps can be used to undermine and marginalise the very people they claim to empower, we start to enter very dangerous territory – precisely what those in the U.S. are terrified of right now. Femtech needs to do better. Because if we’re not careful, the risks of femtech may begin to outweigh the benefits.


Related Posts

Comments are closed.