Photo: iStock/ FatCamera

No Body's Business But Mine: How Menstruation Apps Are Sharing Your Data

– Privacy International

  • News
  • Posted by Good ID team (Good ID)
  • 10 October 2019

Privacy International exposes the menstruation apps sharing users’ intimate medical data with Facebook

Following on from their 2018 study investigating the privacy practices of popular apps, Privacy International share the results of new research into menstruation apps and their data sharing activities, exposing the extent of data sharing with Facebook and other third party companies.

This report finds that, whilst many of the most popular menstruation apps do no not share data with third parties, a number of the smaller apps – which still have millions of users – do. In particular, Privacy International focus on the data sharing practices of two apps: Maya by Plackal Tech and MIA by Mobapp Development Limited.

Using a data interception tool, Privacy International found that the apps both share sensitive data, such as mood, medication, sexual activities, fertility goals and other medical data with third parties involved in marketing and advertising, including Facebook.

The authors highlight some of the potential uses for this type of intimate data:

“There is a reason why advertisers are so interested in your mood; understanding when a person is in a vulnerable state of mind means you can strategically target them. Knowing when a teenager is feeling low means an advertiser might try and sell them a food supplement that is supposed to make them feel strong and focused. Understanding people’s mood is an entry point for manipulating them. And that is all the more worrying in an age when Facebook is having so much impact on our democracies. Indeed, it is not just advertisers that will want to know how we feel; as elections approach, political parties may want to know if we feel anxious, stressed or excited so that they can adapt their narratives accordingly.”

Good ID reflects a world where all those who handle personal data care about how data is collected, used, controlled and secured. Privacy International conclude their “long read” with a series of recommendations for users, companies and regulators. Noting the effectiveness of GDPR legislation in the European Union, they recommend that companies which serve markets both within and outside of the EU universalise these standards for all users.

The authors also recommend that companies carry out risk assessments and limit data collection and sharing; in particular, they call on Facebook to be more transparent about their data usage and to do more to protect users. They go on to suggest that regulators rigorously enforce data protection laws and scrutinise apps that collect large amounts of data. Finally, they recommend that users make full use of existing privacy settings to defend their data.

The responsibility should not be on users to worry about what they are sharing with the apps they have chosen. The responsibility should be on the companies to comply with their legal obligations and live up to the trust that users will have placed in them

View Article