After the Supreme Court overturned the constitutional right to abortion in 2022 and banned abortions in Tennessee, Dr. Danielle Kelbas stopped using an app that tracks her menstrual cycle.
“I was scared… I was actually scared because I was tracked for like a week,” Kelbas said of the Oura Ring’s Cycle Insights feature, “and I was like, where is this information going?”
Shortly after the Supreme Court’s Dobbs v. Jackson decision struck down the constitutional right to abortion, data privacy experts warned to take a closer look at menstrual cycle tracking apps, as the information recorded by these apps, or tracked via wearable devices like Fitbits and Oura Rings, could be used to prosecute people who seek abortions in states that criminalize abortion.
Kelbas, a former emergency physician, is a big fan of the Oura Ring, which she researched extensively before buying, as the device gives users insight into biometric data like heart rate and sleep quality.
When the company announced a period-tracking feature called Cycle Insights, she was excited to try it, but when she started digging into the terms and conditions, she found no clarity about how her data would be stored, how secure it was, or whether it was encrypted.
Dr. Daniel Kelvas is an Oura Ring user, but stopped using the device’s period tracking feature after he couldn’t review the privacy policy. “I wondered where this information was going.” (Courtesy of Daniel Kelvas)
States Newsroom reached out to Oura for clarification on Cycle Insight’s privacy policy, but did not respond to a request for comment.
Kelbas, 34, lives in Chattanooga, Tennessee, where abortion is prohibited except to prevent the death of the pregnant woman. The law, which took effect in August 2022, makes it a crime to obtain or perform an abortion.
“So I deleted it,” Kelbas said of the app.
That’s the story of Opal Pandya, a 25-year-old Philadelphia resident who deleted the Flo app after reading a case study about data exposure to outside parties. She also noticed that she had just logged into Flo when she suddenly started seeing targeted ads on Instagram for products to help ease her period symptoms.
“I realized my data was flowing across multiple platforms,” she said.
She wasn’t convinced, and didn’t have the time to research who would have access to the data. The final push came when she learned that third-party data could be used in state prosecutions of abortions banned by state law.
After trying out the Apple Watch’s cycle-tracking feature for a while, Pandya stopped using it and stopped wearing it to bed because the watch uses body temperature to track her ovulation cycle while she sleeps at night.
Pandya said health care privacy is an issue she’s always been wary of, and while there are benefits to tracking menstrual information, the Dobbs decision showed her that there could be “serious consequences” if that data is compromised.
“I’ve always been sensitive about my health information and understand that there is a deep distrust of the health care system as a whole,” Pandya said, “and the overturning of Roe v. Wade has only strengthened and broadened that distrust, especially among minority women.”
Kelvas, who now runs a medical writing service and consults for software company IT Medical, is keenly aware of the challenges of tracking menstrual cycles.
As a physician, she said she can’t stress enough how important it is for people to have access to cycle tracking — at a time when some states are attacking access to birth control, it’s one of the few tools available to give people more control over their family planning and reproductive health.
But her experience in health IT has highlighted how sensitive data can easily go unprotected. Many people think all medical information is protected under the federal privacy law known as HIPAA. But other medical technologies, like menstrual cycle tracking apps or text messaging platforms that allow patients to communicate with their doctors, are not.
Kelbas said reproductive rights are difficult to navigate in highly restrictive states. “It doesn’t matter what we do, we’re always going to have problems.”
“For many women, suddenly becoming pregnant means becoming illegal,” Kervas says. “What happens after that? For many, the reality is that they no longer own their uterus.”
What data is available?
No data from period-tracking apps has been subpoenaed so far, likely due to the slow pace of the court process, said Jake Laperroux, associate director of the Security and Surveillance Project at the Center for Democracy and Technology. While there are still very few cases of any form of electronic data being subpoenaed, many companies run the risk of having to hand over data to prosecutors or courts through their terms of use.
Laperroux warned that the data that could be used to prosecute abortion cases could be more extensive than what is recorded in a period-tracking app.
“There’s a lot of seemingly innocuous data in healthcare, including location data, communications, metadata patterns, and even information you don’t realize you’re generating.”
Laperroux said.
For example, if social media apps had access to a user’s location, prosecutors could timestamp a visit to an abortion provider through location data from any number of apps.
“Data collected by apps and wearables could be used by law enforcement or individuals to sue or target people who exercise their reproductive rights or seek abortion information or care,” she said.
Digital footprints have been used in reproductive litigation since before the Dobbs decision.
In 2018, a Mississippi woman was charged with second-degree murder after the birth of a stillborn baby at her home. Part of the prosecution’s case was that she had previously researched how to obtain an abortion.
Last year, a Nebraska teenager was convicted of having an abortion after prosecutors subpoenaed Facebook messages between her and her mother.
How to assess data privacy
Andrew Crawford, a senior adviser focused on health care privacy at the Center for Democracy and Technology, said that for now, much of the responsibility for protecting users’ data falls on users themselves.
“Really, the onus is on users to do their own research,” Crawford said, “and unfortunately, that sometimes means reading very complicated privacy policies or searching for keywords.”
The terms of use for any app or wearable device should state what data it collects, how it is used, and who else can access it. An app may automatically ask for access to your contacts, location, photos, etc., but you don’t have to grant all permissions. Period tracking apps often share information with data brokers, advertisers, or third parties that are hard to track.
Users should also be careful about what apps do with the data they obtain. The key word to watch is “encryption,” or data that has been converted into a secret code that can only be unlocked with a unique digital key.
Crawford also said that data stored locally on a device tends to be more secure than data stored in the cloud: It would be much harder for law enforcement to access encrypted data stored only on the device than it would be to issue a subpoena to a company.
As long as data is recorded somewhere, there’s always a risk, Laperroux said.
“But the police can only search your phone if they give you a warrant and seize your phone,” he said.
Most wearable devices that collect biometric data have some sort of encryption feature, and Apple’s privacy policy states that all health and fitness data stored on the device and synced to iCloud is encrypted when the device is locked.
“This means that if you use the cycle tracking feature and have two-factor authentication enabled, your health data synced to iCloud is end-to-end encrypted and Apple cannot read it as it does not have the keys to decrypt it,” the company said.
Fitbit and Oura Ring also say they use encryption measures, and all three companies have said they must comply with subpoenas from law enforcement.
The cost of data
Elizabeth Ha (27), an app developer based in Los Angeles, developed a menstrual cycle tracking app called “Monthly” in response to the Dobbs v. Jackson decision. All health data entered into the app is stored privately on the user’s device and is not entered into a database. Users can delete the app (and the data that comes with it) at any time, and Monthly does not disclose the data to anyone other than the user.
Ha had used a period-tracking app for years, but the Dobbs decision and the spotlight on data privacy at the time forced her to take a harder look at where she recorded her information.
“Once the data goes into a data warehouse, it becomes like a black box,” she said.
She feels pretty safe about her reproductive rights in California, but isn’t sure what’s going to happen next or whether there are other people out there who need safer options, she said of Monthly, which was released on app stores late last year.
The mobile app sector is very new, having only developed over the past decade or so, so it’s evolving rapidly, she said. Many period trackers are free because they’re developed by large companies that can collect and sell users’ data, Ha said.
“For them to be a viable business, a big part of their business is selling data,” she said.
Many Americans are eagerly awaiting a comprehensive data privacy overhaul from the federal government. The American Privacy Rights Act, proposed in Congress in May, would require covered entities to be transparent about how they use consumer data, give consumers the right to access, correct, delete and export that data, and give them the right to opt out of targeted advertising and data transfers.
It would also require that covered entities cannot collect or transfer biometric data to third parties “without the active, explicit consent of the individual.”
For now, anyone who wants to keep their reproductive health-related data safe should pay attention to the terms of use of the devices and platforms they use.
“This speaks to the importance of both surveillance and consumer data in strengthening the law,” Laperroux said. “We need to be more protective.”