How to stop period trackers from using your data against you

The news that the landmark ruling Roe v Wade might be overturned sent a wave of anger around the US last month, with millions of women forced to face the possibility that their access to legal abortion will be stripped away. Should this happen, the consequences of having an abortion would be severe. In Texas, for example, anyone who performs, induces or attempts an abortion would be guilty of a first-degree felony – the same category as murder, rape, kidnapping and arson. It would be punishable by up to life in prison and a fine of up to $10k. 

Alongside discussions around women’s bodily autonomy and health, the revelation re-sparked a conversation that privacy experts have been having for years: should we be worried about what period tracking apps are doing with our menstruation data?

“If you are using an online period tracker or tracking your cycles through your phone, get off it and delete your data. Now,” wrote Elizabeth C. McLaughlin, author, attorney and activist, in a tweet that has since gone viral. “If you think that your data showing when you last menstruated isn’t of interest to those who are about to outlaw abortion, whew do I have a wakeup call for YOU.” 

The concern is that once abortion is criminalised, data from period tracking apps could be used to penalise anyone seeking an abortion. Unlike medical records, information collected by apps isn’t protected by HIPAA, the act which limits how much of a patients’ health information can be shared. Plus, the precedent for menstrual data tracking is already there – in 2019 it was revealed that a Missouri health director tracked the menstrual cycles of Planned Parenthood patients in a spreadsheet and used it to identify those who had had “failed medical abortions”.

Location data firm SafeGraph sold information related to visits to abortion clinics for just $160 until very recently, and a recent Mother Jones article detailed how our mobile phones can be weaponised against us by law enforcement when it comes to prosecuting abortions. Meanwhile period tracking app Flo came under fire from The Federal Trade Commission in January 2021. Despite promising to keep users’ health data private, they were found to have shared the data of millions with marketing and analytics firms, including the likes of Facebook and Google. The company has since come to a settlement that means it legally needs to get consent to share user’s data before doing so. 

Millions of people around the world use apps to track their reproductive cycles. Flo claims that every tenth woman in the world between the ages 15 to 49 manages their cycle using the app – over 100 million people – while Clue claims 12 million monthly active users. So there is plenty of data available to harvest – but could information from period tracker apps actually be used in court?  

Jamie Todd-Gher, a human rights lawyer specialising in reproductive and sexual health, believes that no, it couldn’t be viably used. “What qualifies as admissible evidence is different in every case. If this type of data was admitted into court I would think it would be weak, and a person could not be prosecuted on that evidence alone,” she says. Kat Green, managing director of Abortion Access Front agrees that it is unlikely that this type of data will be used in court, but says it is a potential. 

“Because the data is for sale, anybody can get access to it, including organisations who have an interest in prosecuting people seeking abortions. So in states like Texas or Oklahoma, where there is a bounty placed on reporting abortions, people could buy that information and comb it for potential cases to try to get that reward,” she says. Realistically, Green believes most anti-abortion organisations are not actually that tech-savvy, “but it’s not just about somebody ideologically aligned with them, it’s now also people who want to harvest that financial potential,” she explains.

“This should be a wake up call for people to be more cautious about how they use their phones and web browsers to search for information” – Kat Green

A bigger worry, Green says, is the language people are using on social media and search engines and she advises people to be intentional about what they type. “The data collection could definitely be used to prosecute people, but much more immediate dangers are in people using language in texts and on social media to incriminate themselves, like ‘where can I get abortion pills?’” she warns. 

“This should be a wake-up call for people to be more cautious about how they use their phones, web browsers, and social media to search for information,” she continues, advising people to delete search histories and learn how to use encrypted text messaging like Signal. Digital Defense Fund’s abortion privacy guide, outlining the basic risks can also help. “Your phone is a source of information that could be used to criminalise any activity, so the first thing everybody should be thinking about is adding a pin code to their phone, do not use biometric locks and do not unlock your phone for law enforcement voluntarily,” she adds.

Lydia X. Z. Brown, a policy counsel working with the Privacy and Data Project at the Center for Democracy and Technology echoes this: “There are very few protections for health-related data collected by private apps,” they say, adding that people who can become pregnant will be at a serious risk of increased surveillance and prosecution using data like geolocation tracking and search history as well as health data. Like Green, they advise, “people concerned about this should use encrypted messaging services and virtual private networks for web browsing.”

Serenity, 20, from Texas still finds the news very scary, however. “I used the Flo app when I was younger but stopped once I began my birth control,” she says. “It was advertised as a discreet way to track your period, and I would report everything. I’m angry that this could be used against women who are unaware. Who’s to say the programming won’t be altered in the future to report a period picking back up after a few months?” She adds that she has encouraged all of her friends to delete the app. 

So what is the solution? Former Google employee, 28-year-old Charvi is California based and has been working in the privacy space for over a year. Charvi began suspecting her data was being tracked when she was shown targeted ads regarding her health history. “Targeting and data collection is fine when I opt into it. But sharing it externally without my knowledge is a big privacy violation,” she says. “For the past couple of years, I’ve been doing all my health searches in Incognito just to prevent something like this from happening. I believe a stronger technological measure should be taken so that companies are prevented from accessing private information.”

It was these privacy violations that led Charvi and her husband to build startup SlikSafe, an end-to-end encrypted system that stores your data on a decentralised network. “With this news about Flo, I feel even more compelled to extend this technology to build an end-to-end encrypted period tracker app,” she says. 

Charvi hopes that SlikSafe will be the safe space in app form that women need and deserve. And for women still worried, Susan Yanow from SASS, the US project of Women Help Women, suggests using apps like Euki instead, which is the “first app of its kind” to provide the tools needed to manage sexual and reproductive health (SRH) securely. Your data will stay on your phone, and unlike other apps, it doesn’t store data or transmit it to anyone else. And remember to look at the privacy policy of every app you download as a general rule.