Following on from their 2018 study investigating the privacy practices of popular apps, Privacy International share the results of new research into menstruation apps and their data sharing activities, exposing the extent of data sharing with Facebook and other third party companies.
This report finds that, whilst many of the most popular menstruation apps do no not share data with third parties, a number of the smaller apps – which still have millions of users – do. In particular, Privacy International focus on the data sharing practices of two apps: Maya by Plackal Tech and MIA by Mobapp Development Limited.
Using a data interception tool, Privacy International found that the apps both share sensitive data, such as mood, medication, sexual activities, fertility goals and other medical data with third parties involved in marketing and advertising, including Facebook.
The authors highlight some of the potential uses for this type of intimate data:
Good ID reflects a world where all those who handle personal data care about how data is collected, used, controlled and secured. Privacy International conclude their “long read” with a series of recommendations for users, companies and regulators. Noting the effectiveness of GDPR legislation in the European Union, they recommend that companies which serve markets both within and outside of the EU universalise these standards for all users.
The authors also recommend that companies carry out risk assessments and limit data collection and sharing; in particular, they call on Facebook to be more transparent about their data usage and to do more to protect users. They go on to suggest that regulators rigorously enforce data protection laws and scrutinise apps that collect large amounts of data. Finally, they recommend that users make full use of existing privacy settings to defend their data.