In a landmark decision, the U.S. supreme court reversed Roe vs. Wade, rewriting history in the worst sense by placing a woman's right to an abortion into the hands of the state.
Following this decision, many women in the U.S. immediately jumped into action, deleting their menstrual tracking apps and urging other women to do the same over privacy concerns.
Period tracking apps are extremely convenient, offering features that help women log their menstrual cycles, catch irregular patterns, track ovulation dates, record birth control pills, and so much more. You can get useful insights and predictions about your menstrual wellness, and all of your period data can be shared with your doctor in a couple of seconds since it's stored in the cloud.
Unfortunately, this also means that all your menstrual data can easily be collected by third parties. In a post-Roe world, this has the potential to cause legal repercussions for many women. To prevent their period data from falling into the wrong hands, menstruating individuals have taken to deleting such tracking apps from their phones.
Foregoing such a useful medical tool is a big sacrifice, leaving menstruating individuals with no other option except for traditional mediums such as maintaining physical paper journals.
Right now, and I mean this instant, delete every digital trace of any menstrual tracking. Please.June 24, 2022
But is deleting your period tracking app really the solution? Why should we, the women, be deprived of convenience at the expense of others? The entire situation is unfair, messy, and unavoidable, begging us to ask the question: What can women do to safeguard their privacy and their rights? Is deleting your period tracking app really the right — or only — answer?
To understand the depth of the matter, we have to look at the process that a governmental body has to undertake in order to go about acquiring your menstrual data in the first place. There are many variables here, including the individual menstrual tracking app that you use, how it is associated to your legal identity, and above all else, what could lead an authoritative figure to look into your profile in the first place.
How easy is it for the government to find a potential lawbreaker?
First, we have to understand the steps that a governmental entity has to undertake in order to acquire a set of your menstrual data from a company. A procedure must be followed, but before all of that sets into motion, the government has to have a solid reason to suspect you of committing a crime or having broken a law.
Legally speaking, they cannot monitor everyone to catch traces of possible infringements, as this is against your rights set out in the Fourth Amendment. Additionally, it also takes up a lot of resources to do so. To set the hounds on your trail, something would have to initiate them wanting to look into your menstrual records.
The only reasonable explanation is that someone would have to tip the authorities off for the authorities to begin to suspect you. It could be your doctor, your local pharmacy, or even an individual close to you.
As Kendra Albert, a clinical instructor at the Cyberlaw Clinic, so aptly puts it, the first and foremost threat that an individual is likely to face when being reported for an illegal abortion is probably a third party, not a menstrual tracking app.
"The biggest threat of criminalization is that a third party (like hospital staff or a relative) reports someone to the police for their pregnancy outcome — not that police find their period data in a database," she writes.
How the government collects your data legally
It's not so easy for the government to just walk up to an app development company and order them to hand over your data. They have to have reasonable grounds to suspect you for having broken a state law.
Then they must prove this in court using sufficient evidence and get a warrant that enables them to legally acquire a set of your menstrual data. If the judge is convinced that the evidence is satisfactory, based on probable cause, they can issue a warrant or a subpoena depending on the case in question.
Equipped with the court order, the government can then serve that warrant to a company. After a company has been served a search warrant or a court order, they are legally bound to oblige by the governmental entity's requests.
However, this is within reason, and some companies such as Google actually have the capability to deny the request to a certain extent, or selectively issue sets of data that are relevant to the request without revealing any other personal data to maintain your privacy as much as possible.
It's not just your period tracking apps that paint a picture of your online persona or presence. A lot of other information can be used and collected from several different places to then be used as evidence against you, should you have broken a law. This includes your IP address, your email ID, your GPS location data, your Google search history, and even your purchase history.
All of these things are like little dots that connect who you are online and they keep track of what you do and what you don't do, working in tandem to create your Personal Identifiable Information (PII).
This information isn't sourced solely from menstrual apps. It can be collected from so many different places, apart from your smartphone and computer, including the web, medical records, credit card history, CCTV footage, and even smart wearables such as fitness trackers and smartwatches.
Are foreign menstrual apps a safer alternative?
When Roe vs. Wade was overturned, a lot of women started looking into foreign alternatives such as the German period tracking app called Clue. The assumption here is that a non-American app developer does not fall under the jurisdiction of the U.S., therefore protecting user data from the authorities.
While there is some truth to that, you have to look at the laws that govern the app in question to understand the extent of that protection.
To everyone who uses period tracking apps: to my knowledge, clue is the only popular European app and so if you do not use clue, switch to it and delete any data you have from other apps. Keep your data safe and anonymous. Clue have said that they will keep your data safe <3June 24, 2022
Clue is regulated by the European Union, and the appropriate law that governs data privacy and safety in the EU is the General Data Protection Regulation (GDPR). Yes, it will be much harder for the U.S. government to get a hold of your menstrual data if they have to go through the EU, but it isn't an impossible feat.
So if the U.S. does want to acquire someone's data on Clue, they would have to follow the GDPR. It would be an incredibly long and drawn out process, which would make it arduous for the U.S. government to acquire your menstrual app data. Of course, this would require the assistance of a member of the EU to back the U.S., which is unlikely, but the possibility exists.
What can app developers do to protect your menstrual data?
Now that you understand how the government would actually go about acquiring your data, and what would actually set them off on that trail to investigate you, what can be done about it? Should we all just delete all our period tracking apps and go back to physical journals?
Keeping records of menstrual records is tied to women's health, making it a necessary task for many individuals. It's incredibly useful and sometimes compulsory for people who have various conditions.
Security and privacy expert Chris Stahly, U.S. director of engineering at a Norwegian app security company called Promon, commented on the issue. Stahly highlighted that using any particular app to track health information is a personal decision that a user needs to make. A user must seriously consider the implications of what they're doing, looking closely at every individual app and its privacy statement.
"As consumers, we have to make personal choices about our data privacy on a regular basis. Period tracking apps are no different. It's important to understand the terms and conditions of any transaction done online, and weigh the risks against the benefits," he says. "Ultimately, using any particular app to track health information is a personal decision that the user needs to make, knowing that this data can (and might) be used against them."
Bolstering app security is very much doable, according to Stahly. The burden of duty falls on the shoulders of companies that make these period tracking apps. There are certain simple steps that a menstrual tracking app developer can take to implement real security and privacy controls for user data. As a veteran in his field, he recommends the following changes to achieve a better level of security for period app users:
- App providers can use total data encryption (where the data is unable to be decrypted, except by the user)
- An option for local-only data storage (where the data is only stored on the local device)
- Anonymous data collection (where the user's PII is disassociated from health data)
App developers have the authority and the power to bring about these changes. Some companies have already started to launch helpful features that resonate with Stahly's recommendation.
Flo, a menstrual tracker with an emphasis on fertility, announced an "Anonymous Mode" days after the overturning of Roe vs. Wade. Other companies have also stepped up, going as far as simplifying their terms and conditions to assure users, if and how their data is used for commercial purposes.
At the end of the day, period app development companies have to shoulder the responsibility of handling their users' data with care. They need to make sure that they take the necessary steps to protect your rights. App creators can roll out privacy-focused features such as data encryption, anonymous modes, and offline storage options to their platforms.
Menstrual app companies should also be very transparent about what they do with your data. This can be achieved by simplifying tedious privacy statements and lengthy terms and conditions designed to make the user skip ahead, without fully comprehending what they've agreed to. It's not really that hard, because these are real solutions that can be implemented in the real world.
Until such a day comes when these straightforward changes have been widely adopted, users have to put in the hard work. Do your homework, read through those long clauses and agreements, because your data can be used against you in unimaginable ways. Don't limit these security measures to period trackers, apply it to every piece of technology that you delve in, because none of it is untraceable.
