A popular fertility app used by women to track their reproductive health is paying $200,000 to settle claims it shared highly sensitive data from thousands of users with shady Chinese companies.
Premom – an Illinois-based company that claims to have about half a million users who can upload confidential information about their menstrual cycles, reproductive health issues, and other fertility-related data.
The company was accused of giving away identifiable user health information and accurate geolocation information to Google and two China-based companies known for “suspicious privacy practices.”
Easy Healthcare, the developer of Premom, has pledged to stop sharing sensitive information, though it admitted no wrongdoing.
Last year’s lifting of legal access to abortion sparked a new wave of health privacy concerns as millions of American women use fertility apps to track their cycles, which could potentially be used to penalize anyone who seeking or considering an abortion.
More than a dozen states have restricted access to abortions after the overthrow of Roe V Wade
Premom asks users to upload details about their sexual health, such as ovulation and basal body temperature, to receive personalized remote analytics to help predict how to conceive naturally
Premom is owned by Illinois-based Easy Healthcare, an e-commerce medical supply company. Premom allows users to upload their ovulation test strips, which Easy Healthcare also makes
D.C. Attorney General Brian Schwalb said: ‘Local residents who used the Premom app had a right to confidentiality of their locations and devices, but Easy Healthcare shared that private information with third parties without notice or consent, putting users at risk.
“With reproductive rights under attack across the country more than ever, it is essential that the privacy of health care decisions is vigorously protected. My office will continue to ensure that companies protect consumers’ personal information from unauthorized interference with access to effective reproductive health care.”
The FTC did not disclose the names of the Chinese companies that obtained the sensitive information, but said they had been “flagged for suspicious privacy practices.”
Widespread concern about the sharing of sensitive reproductive health data peaked in June 2022 when the Supreme Court overturned a 50-year precedent for legal abortion.
The data stored in apps like Premom is extremely telling: when a period stops or starts, and when a pregnancy starts and stops. And privacy experts have been on edge ever since, knowing full well that data could be subpoenaed or sold to third parties.
The app was launched in 2017, but reached a major milestone in November 2019 with half a million downloads.
During the pandemic, the company shifted to a largely remote platform in many industries. Premom started offering virtual consultations with fertility specialists in July 2020.
HIPAA, the federal health information privacy law, has no jurisdiction over period tracking apps, and in fact, aspects of the law have failed to keep up with the advent of new technologies such as fitness trackers.
For its part, Easy Healthcare said, “Our agreement with the FTC is not an admission of any wrongdoing. Rather, it is a settlement to avoid the time and expense of litigation and allows us to put this matter behind us and focus on you, our users.
“Please rest assured that we do not and will never sell user health information to third parties, nor do we share it for advertising purposes… Protecting users’ data is a high priority, which is why we have always been transparent with and fully cooperated with the FTC’s review of our privacy program.”
Under the settlement, the company has agreed to pay a $100,000 civil penalty for violating the Health Breach Notification Rule, according to the FTC.
It will also pay $100,000 to state AGs.
Wednesday’s settlement agreement follows FTC action taken about three years ago against a similar app called Flo. The app, used by more than 100 million women, took a beating for putting no limits on how outside companies like Google and Facebook could use the health information of millions of women. data for targeted online advertising.
The investigation revealed that the app was sharing data while the company repeatedly promised users that their data would be protected and not shared with others.