Menstrual cycle tracking apps could jeopardize the safety and privacy of users, a new report warns, with personal data commonly sold to companies.
The stakes are high since period tracking apps have soared in popularity and become ubiquitous amid limited access to information, a lack of research and stigma about menstruation health.
A 2024 study estimates that global downloads for the three most popular menstruation cycle tracking apps surpassed 250 million.
Those who use apps that track periods often don’t consider the data “intimate” or commercially valuable, and need more protections from potential abuse of their personal information, according to the report released Tuesday by The Minderoo Centre for Technology and Democracy. MCTD is an independent team of academic researchers at the University of Cambridge in the U.K.
“Menstrual tracking applications turn personal health information into data points to be collected, analyzed, and sold,” according to the report.
Data sold to companies, advertisers
The study noted the apps pose “significant risks” for users as femtech has become a “lucrative trend” and the user data is “extremely valuable” for a wide range of companies, from those that developed the app to big tech firms and advertising industries.
Femtech refers to digital products, services or technologies promoting women’s health and wellbeing, with period-tracking apps making up 50 per cent of the US$22 billion market in 2020.
“People vastly underestimate the commercial value of menstrual data and the extent to which it can provide insights into their political preferences, health issues, or reproductive choices,” researchers wrote.
The apps offer a way for users to track daily information on anything related to their menstrual health, such as menstrual cycles, predictions on periods, premenstrual syndrome (PMS), ovulation and fertility.
Security and privacy risks
To add to the concerns, researchers say the apps also pose risks to data security and privacy, noting it’s widely used in the online advertising industry.
“Self-tracking data has been used to police people’s reproductive choices, to undermine a user’s testimony in court, and it can lead to increased vulnerability in intimate relationships, partner violence, risks to job prospects via employer access to CTA (cycle tracking application) data, workplace monitoring, or possible health insurance discrimination,” according to the report.
Meanwhile, the report also referred to “severe security risks,” noting an example in the U.K. where period tracker data was used to charge women for illegally accessing abortion services.
Are period apps accurate?
The study notes many medical studies showed that the apps “fail to accurately calculate cycle length or ovulation windows” and additional data from people is often not used to improve predictions. Rather, researchers say the information is “predominantly a source of value” for the companies.
“With most apps providing no or very little information on how predictions are made, a 2023 study found that some users were encouraged to track more data to fine-tune their predictions and train an imagined algorithm,” it wrote.
While users commonly turn to the apps to help them conceive or prevent getting pregnant, people with irregular cycles or conditions such as poly-cystic ovary syndrome, endometriosis, or premenstrual dysphoric disorder may also use the apps to try to understand their medical issues. Many people use the apps to track their emotions and bodily functions as well.
Recommendations
The report recommends improving health care for and incentivising research on menstrual and reproductive health, such as through cycle tracking companies and research institutes working together. It encourages schools and organizations to help raise awareness about menstrual tracking for all ages.
Additionally, it recommends alternatives, such as public bodies developing apps that are “trustworthy” and collect data in a “responsible way.”
The report also calls for stricter regulation of menstrual tracking data as “sensitive health information” in the United States and tighter enforcement of existing regulations in the U.K. and European Union. It suggests improving security through “consent options,” clear and accessible privacy policies, and prioritizing data privacy and security in the app design. Apps could be more “transparent” by providing clear information on how tracking data is used to make predictions, with interface options for those who cannot or do not want to become pregnant.
The report notes that not all women menstruate and not everyone with menstrual cycles is a woman. For instance, it wrote that children and teenagers have periods, trans men can menstruate and trans women can experience symptoms similar to premenstrual syndrome (PMS). Most apps are designed for straight cis women who want to get pregnant, it added.
David Young, a privacy and regulatory law expert in Toronto, told CTVNews.ca in a video interview Monday that Canada’s Personal Information Protection and Electronic Documents Act already follows the report’s recommendations, though the law is “not always enforced.”
According to Canada’s federal privacy law, an organization must not require individuals to consent to the collection, use or disclosure of their information beyond “explicitly specified, and legitimate purposes.”
“Assuming those specific and legitimate purposes are the tracking that the individual is seeking by use of the app, then they shouldn’t be allowed to also require, as a condition of using the app, that they’re going to sell that information to somebody else,” Young said. He noted Canada also faces a problem with companies selling consumers’ medical data, including electronic health records.
Young said menstrual-related cycle data is considered “sensitive personal health information.”
“And that has a very high standard of compliance under any privacy law, meaning that there must be clear ... consent to for whatever uses are going to be made of that information. So it’s not something you can just use by way of implied consent.”
