"Popular Fertility Apps Are Engaging in Widespread Misuse of Data"
Katharine Kemp, senior lecturer in the Faculty of Law and Justice at the University of New South Wales (UNSW Sydney), conducted a new study that reveals major privacy flaws in fertility apps used by Australian consumers, highlighting the need for reform of the Privacy Act. Fertility apps help users track their periods, identify a fertile window, monitor pregnancy stages and symptoms, and more. Therefore, these apps collect sensitive data. In addition, many of them are designed to be used by children as young as 13. Kemp's report examined the privacy policies, messages, and settings of the top 12 fertility apps used by consumers in Australia, excluding apps requiring a connection with a wearable device. Kemp found that some of these apps have misleading privacy messages, a lack of choice in data usage, inadequate de-identification measures when data is shared with other organizations, and long data retention windows that expose users to unnecessary risk from potential data breaches. Some of the fertility apps do not allow users to choose whether or not their de-identified health data will be sold or transferred to other companies for research or other purposes. Or, the apps have consumers opt-in to these extra uses by default, placing the burden of opting out on the users themselves. Furthermore, not all of the data is properly de-identified. When supposedly de-identified Medicare records were published in 2016, researchers from the University of Melbourne demonstrated how a de-identified record can still be linked to a specific person using only a few data points. This article continues to discuss findings from the analysis of 12 popular fertility apps' privacy policies, messages, and settings.