In a historic 6-3 decision on June 24, the Supreme Court voted to overturn Roe v. Wade, eliminating the constitutional right to abortion. Soon after the decision was announced, a worried call to action quickly arose online: Delete your period tracking apps.
It’s not the first time this sentiment has bubbled up on the internet. Earlier this year, when the Supreme Court leak warned us of the decision to come, the same message spread across Twitter, TikTok, Instagram, and more. Women and people with uteruses who rely on these apps to monitor their health were suddenly fearful of how their collected data could be used against them in a hypothetical criminal case about abortion. With this latest Supreme Court decision — and Judge Thomas’s call to the court to further examine precedent-setting right-to-privacy cases like Griswold, Lawrence, and Obergefell — that hypothetical seems a lot more possible.
Here’s what you need to know about the ways period tracking apps treat your data, and how that could affect your reproductive health care.
Can apps just turn over your data?
On a typical period tracking app, users enter data like what day their flow started and stopped, how heavy it might be, and other bodily symptoms. The app then usually learns the user’s patterns and helps to predict when their next period may come, when they might be most fertile, and if they’ve missed a period and should take a pregnancy test.
With the overturning of Roe v. Wade, activists and data privacy experts are concerned about how this data could be used to prove that someone may have had an abortion or was thinking about getting one.
While there is no current precedent for how this specific data would be handled in a criminal case, apps have generally cooperated with criminal investigations in the past, usually in cases against child exploitation. Thus, it matters greatly where each user is located and whether their state is one of the 26 “certain or likely” to legally ban abortions without Roe v. Wade. Some of these states had trigger laws waiting on the Roe v. Wade decision, meaning that abortion was outlawed immediately in some, and will be banned in as little as 30 days in others.
“Since the approach in many states will be to criminalize people for the acts or seeking or providing abortion services, it is key for people in those states to understand that a mobile device is essentially a tracking device,” said Jackie Singh, former senior cybersecurity staffer on the Biden presidential campaign, to Mashable. “While most people tend to leave our Wi-Fi, Bluetooth, and location services on all the time for convenience, and rarely use a VPN or other privacy-protecting software, people who may be newly prosecuted as criminals no longer have the luxury of behaving as entirely free and lawful citizens.”
What to look for when choosing a period tracking app
Popular free period tracking app Flo, which has 43 million active users, came under fire for data sharing last year, reaching a settlement with the Federal Trade Commission regarding allegations that the app didn’t inform its users about where their data was being shared. In this case, the Wall Street Journal found that Flo was informing Facebook every time its users indicated they had their period or were wanting to get pregnant.
While Flo did not admit any wrongdoing in the settlement, and insisted to NPR that it does not share health data with any third party, this investigation and settlement leaves room for doubt as to how the app’s privacy practices are currently enforced, and how that may change when under the pressure of a criminal investigation. In response to Roe v. Wade’s overturning, Flo released a statement saying that a new “anonymous mode” that removes personal identity from users’ data is launching soon. It remains to be seen how this mode will work.
In response, many period app users are calling for others to switch to the free app Clue, a European company that currently has about 12 million users. According to the company’s response to Roe v. Wade, any period health data it receives is extra secure due to its obligation to apply special protections to reproductive health data in keeping with European data privacy law. Clue promises its business model does not rely on selling data to third parties, and that any data collected is de-identified and encrypted. It’s important to note, though, that Flo is also headquartered in London, where the same laws should have applied and seemingly failed.
“Because data is so lucrative, and data collection and user profiling are a core part of most apps’ business models, few apps have any true, provable commitment to privacy, such as a transparency report that makes representations about the company’s stance on data collection,” said Singh. While her standards are high, Singh did point to apps like Drip and Euki as possible contenders for apps that “should keep women in blue states safe” due to their commitment to local data storage and refusal to allow third-party tracking. Singh suggests still using these only in blue states for an extra layer of protection against dragnet surveillance.
Andrea Ford, a research fellow at the University of Edinburgh, also recommended via NPR that users should pay attention to where their data is stored when choosing an app. If it’s stored locally on your actual device, Evan Greer, director of the digital rights advocacy group Fight for the Future, tells NPR that a court would need a warrant to search your phone, which has “a much higher legal bar” to obtain than a subpoena. If it’s stored in a cloud and owned by the company, a subpoena would suffice.
“Data stored in health apps prior to the SCOTUS decision probably doesn’t pose much of a risk,” said Singh. “However, I would caution people who menstruate to stop using any type of app to track their menstrual health if they have any expectation of having a presence in states which are expected to ban abortion. However, we obviously cannot anticipate how future legislation will impact us, so the safest thing is to stop digital tracking.”