Fertility apps collect the kind of intimate data consumers would usually share only with their partners, doctors or very closest friends and family: detailed information about menstrual cycles, pregnancies, health conditions, emotions and sexual activities. They may be used by consumers at vulnerable moments in their lives, when they are trying to conceive, manage unexpected health conditions, or monitor concerning developments in their pregnancy.
This research analyses the privacy policies, messaging and settings of 12 popular fertility apps, and provides evidence of serious privacy flaws. Unfair and unsafe privacy practices of the apps include:
• confusing and misleading privacy messages;
• pervasive tracking of the consumer’s online behaviour, without clarity about whether inferences drawn from this will be treated as sensitive information;
• lack of choice about further uses of their data, including pervasive tracking for advertising businesses and research uses;
• inadequate de-identification of sensitive data shared with other organisations;
• use of the consumer’s sensitive data for poorly defined “research” purposes, which do not depend on HREC approval; and
• retention of health data for years after the consumer stops using the app, creating entirely unnecessary risks of data breaches.
These unfair and unsafe practices underscore the urgent need for updated privacy laws to address the data privacy risks consumers too often face, including amendments to clarify and improve: the scope of information covered by the Privacy Act, taking into account the realities of modern data practices; what choices consumers can make about their data and how; what data uses are prohibited; what security systems, including technical and organisational measures, organisations should have in place; and a test based on fairness and reasonableness, rather than spurious and mechanistic concepts of notice and consent which organisations have used to disadvantage consumers for too long.