Period-tracking apps store users’ most private data. What will that mean in a post-Roe world?

States that ban abortion could ask period-tracking apps to hand over user information.

Flo Health's period and cycle tracking app

Flo is a popular period-tracking app.

Photo: Flo Health

Period-tracking apps can be a lifesaver for users who want to track their symptoms, view predictions about upcoming cycles and even plan whether they want to conceive or not. In a world in which Roe v. Wade is overturned, privacy experts are concerned that those apps could be forced to hand over some of users’ most private ovulation information.

This isn’t a new worry: Researchers have long waved the privacy flag over the collection of data around people’s sexual lives, medication intake and more. Some period-tracking apps, like FEMM, openly state that third-party platforms could use their data for targeted advertising. Other data has reportedly been used for academic studies and by data analytics providers. But if states outlaw abortion altogether, those apps could be subpoenaed for data on individual users, and that data could then be used as evidence against people who choose to terminate their pregnancies.

It’s a dystopian fear, but not out of the realm of possibility. In fact, it’s happened before: A woman was charged with second-degree murder after a prosecutor used her online searches for abortion pills to imply motive after she lost her pregnancy (although the charges were later dropped). There aren’t many laws preventing period-tracking data from being purchased or requested by police once a user consents to data collection, though some apps limit the collection of information or store it locally on a user’s device.

When users install period-tracking apps and start logging their cycles, they agree to a certain loss of privacy. After all, they have to hand over some information for the apps to effectively predict future cycles, estimate ovulation windows and help monitor their period symptoms. Most users expect that data to remain private, but there’s no guarantee. Most period-tracking apps collect data that can then be shared with advertisers.

“Anything that could be shared with advertisers can be shared with law enforcement,” India McKinney, the director of Federal Affairs at the Electronic Frontier Foundation, told Protocol.

Cycle-tracking apps — and health apps in general, for that matter — aren’t protected by the same privacy protections as patient privacy rules under HIPAA, meaning apps aren’t prevented from sharing this data. McKinney said that makes health-tracking apps of interest to third parties. “Abortion services? Maybe not profitable, but certainly of interest,” she said.

McKinney said in states where restrictive abortion laws have gone into effect, that information could be turned over to a third party if subpoenaed. Say, for example, you live in a state where miscarriages are illegal (there are none, but some state laws are so vague that people have been arrested after pregnancy loss). McKinney said if law enforcement was investigating whether a miscarriage took place and had reason to believe a period-tracking app might have evidence, they could request that data. Even if the app anonymized data, McKinney said it’s easy to re-identify users.

Popular period-tracking apps like FEMM, Flo, Ovia Health and Clue collect a range of personal information, like the length of someone’s period and whether a person had protected and unprotected sex, as well as identifying information like emails and IP addresses. The data is self-reported, but users might not realize that the benefits of tracking their periods might open them up to legal action if abortion is outlawed. Some apps, like Flo, say they don’t hand over any user data to third parties, but McKinney said the fact that they own this user data means it could be requested by law enforcement, and that’s not an uncommon ask. What is unusual is the amount of deeply personal health data that could be exposed if abortion becomes criminalized.

A representative for Clue said health data is “kept private and safe.” The app is required to comply with the EU’s General Data Protection Regulation law, which sets guidelines for collecting and processing personal information, although it’s unclear if those protections extend to U.S. users.

“All our users’ health data is stored on servers in the European Union,” a spokesperson told Protocol.

Representatives for period-tracking apps FEMM and Ovia Health did not return requests for comment.

It’s unclear what kinds of privacy changes these apps might implement if abortion laws become more restrictive.

Evan Greer, deputy director of the nonprofit advocacy group Fight for the Future, said the ability for apps to collect data that could be used by third-party platforms or law enforcement highlights the need for users to better understand consent when using these apps. People may allow an app to collect this sensitive data without realizing it could be used elsewhere.

“Many people just don't actually know what risks are associated with handing over sensitive data to these companies,” Greer told Protocol.

Greer said an important factor is the way an app stores data — some store it in the cloud, where it can be analyzed and shared with advertisers, and some store information locally on a user’s phone. User data in Planned Parenthood’s period-tracking app, Spot On, is stored locally. “No one but you has access to it — not even our developers,” the organization said in 2019. Period-tracking app Euki has the same policy.

At the core of this issue is a lack of federal privacy protections that would require apps to encrypt data and store it locally on a user’s device, said Carrie Baker, a professor of gender, law and public policy at Smith College. The U.S. doesn’t have any singular law that accounts for all types of data collection.

“Our laws around privacy, generally, are not written for the current technological environment,” Baker told Protocol. “They’re not anticipating the kinds of issues with regard to security and privacy that people need to be thinking about today. And I think the abortion issue is just one very frightening example.”


Election markets are far from a sure bet

Kalshi has big-name backing for its plan to offer futures contracts tied to election results. Will that win over a long-skeptical regulator?

Whether Kalshi’s election contracts could be considered gaming or whether they serve a true risk-hedging purpose is one of the top questions the CFTC is weighing in its review.

Photo illustration: Getty Images; Protocol

Crypto isn’t the only emerging issue on the CFTC’s plate. The futures regulator is also weighing a fintech sector that has similarly tricky political implications: election bets.

The Commodity Futures Trading Commission has set Oct. 28 as a date by which it hopes to decide whether the New York-based startup Kalshi can offer a form of wagering up to $25,000 on which party will control the House of Representatives and Senate after the midterms. PredictIt, another online market for election trading, has also sued the regulator over its decision to cancel a no-action letter.

Keep Reading Show less
Ryan Deffenbaugh
Ryan Deffenbaugh is a reporter at Protocol focused on fintech. Before joining Protocol, he reported on New York's technology industry for Crain's New York Business. He is based in New York and can be reached at rdeffenbaugh@protocol.com.
Sponsored Content

Great products are built on strong patents

Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America's technology leadership.

Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.

From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: "intellectual property protection is vital for American innovation and entrepreneurship.”

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.

The Uber verdict shows why mandatory disclosure isn't such a bad idea

The conviction of Uber's former chief security officer, Joe Sullivan, seems likely to change some minds in the debate over proposed cyber incident reporting regulations.

Executives and boards will now be "a whole lot less likely to cover things up," said one information security veteran.

Photo: Al Drago/Bloomberg via Getty Images

If nothing else, the guilty verdict delivered Wednesday in a case involving Uber's former security head will have this effect on how breaches are handled in the future: Executives and boards, according to information security veteran Michael Hamilton, will be "a whole lot less likely to cover things up."

Following the conviction of former Uber chief security officer Joe Sullivan, "we likely will get better voluntary reporting" of cyber incidents, said Hamilton, formerly the chief information security officer of the City of Seattle, and currently the founder and CISO at cybersecurity vendor Critical Insight.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.


Delta and MIT are running flight tests to fix contrails

The research team and airline are running flight tests to determine if it’s possible to avoid the climate-warming effects of contrails.

Delta and MIT just announced a partnership to test how to mitigate persistent contrails.

Photo: Gabriela Natiello/Unsplash

Contrails could be responsible for up to 2% of all global warming, and yet how they’re formed and how to mitigate them is barely understood by major airlines.

That may be changing.

Keep Reading Show less
Michelle Ma

Michelle Ma (@himichellema) is a reporter at Protocol covering climate. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.


Inside Amazon’s free video strategy

Amazon has been doubling down on original content for Freevee, its ad-supported video service, which has seen a lot of growth thanks to a deep integration with other Amazon properties.

Freevee’s investment into original programming like 'Bosch: Legacy' has increased by 70%.

Photo: Tyler Golden/Amazon Freevee

Amazon’s streaming efforts have long been all about Prime Video. So the company caught pundits by surprise when, in early 2019, it launched a stand-alone ad-supported streaming service called IMDb Freedive, with Techcrunch calling the move “a bit odd.”

Nearly four years and two rebrandings later, Amazon’s ad-supported video efforts appear to be flourishing. Viewership of the service grew by 138% from 2020 to 2021, according to Amazon. The company declined to share any updated performance data on the service, which is now called Freevee, but a spokesperson told Protocol the performance of originals in particular “exceeded expectations,” leading Amazon to increase investments into original content by 70% year-over-year.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Latest Stories