A ‘data buffet’: Mozilla’s review of pregnancy and period trackers sheds light on data privacy concerns

Amid growing concerns about how data might be used to prosecute women looking for abortion care following the Supreme Court’s overturning of Roe v. Wade, a new report from Mozilla shows just how many ways pregnancy and period trackers collect and share advertising-related data and other info that also might be shared with law enforcement.

According to a review of 25 period and pregnancy tracking apps and devices conducted by Mozilla, researchers determined that 18 did not meet expectations for privacy and security standards. Instead, they found a “data buffet” of phone numbers, addresses, device IDs, IP addresses, unique advertising IDs — such as Apple’s IDFA and Android’s Google Advertising ID — along with sensitive info about menstrual cycles, sexual activity, doctor appointments and pregnancy symptoms. The report, released on Wednesday, also described how companies collect and share data for personalizing ads while most apps didn’t offer clear policies about sharing data with law enforcement.

“It’s the tip of the iceberg,” said Jen Caltrider, lead researcher for Mozilla’s Privacy Not Included initiative. “Literally everything can be used to track somebody seeking reproductive health care now … When abortion was illegal 50-something years ago, the internet didn’t exist. Now, literally, our whole lives online are being tracked and exist in the cloud. Yes, these raise concerns, but so many things raise concerns right now.”

The findings come as part of Mozilla’s “Privacy Not Included” initiative, which aims to help consumers make more data-conscious decisions when choosing various products and services by giving warning labels to apps they might want to think twice about using. For years, the Mozilla Foundation has focused on educating people about privacy issues while also using the topic as a differentiator for its Firefox browser. The new report also provides detailed explainers about each app’s policies and practices while offering tips for how users can better protect themselves by changing a variety of preferences.

As Roe v. Wade was being overturned, Mozilla’s team decided it should also look at period and pregnancy tracking apps, especially in a world where abortion is becoming illegal in some states. The report follows a similar review of mental health apps in May during Mental Health Month, which Caltrider said also revealed “horrible” examples of data collection and sharing.

Although federal law regulates personal health data in the context of health care providers, it doesn’t protect health data in the context of apps; the Health Insurance Portability and Accountability Act was enacted in 1996, just over a decade before the first iPhone was released. However, growing awareness and concern about how sensitive data could be used against women has made passing a federal data privacy law an even higher priority. The topic has also been part of discussions for the American Data Privacy and Protection Act (ADPPA), which last month reached a major milestone in Congress by moving past the committee stage.

“I think there’s been so much heightened awareness of the privacy risks associated with sharing health data since the Dobbs decision came down,” said Caitlin Fennessy, vp and chief knowledge officer at the International Association of Privacy Professionals. “It did add impetus to the ADPPA and we saw a focus on how it addresses sensitive data and the extent to which that would bring in protections for individuals.”

Some apps’ privacy policies are not short. For Ovia Health—which shows ads and sponsored content in the free version—Mozilla points out that the privacy policy is 34 pages long and nearly 12,000 words but claims the app will only use an ad profile for those who opt in. However, Mozilla points out that Ovia lets Facebook collect device information, and that Facebook “may use that data to personalize advertising” both on and off Facebook—even if a person isn’t logged into the social network through Ovia.

Some apps including Clue, The Bump and WebMD Pregnancy collect or share data with third parties for advertising, marketing and research, while others including Baby Center also share info with data brokers and social networks. In the case of What To Expect—an app owned by Everyday Health, which also owns the Baby Center app—Mozilla says it collects info from vendors, third parties and public databases and “may sell or transfer” data to advertisers for serving relevant ads. Researchers also pointed out that the My Calendar Period Tracker app shares information with Amazon; they couldn’t even find a privacy policy to review for another app called Sprout.

Some apps have already faced legal and regulatory scrutiny. Last year, the Federal Trade Commission settled a case against Flo Health after the app shared user data with marketing analytics firms including Facebook and Google after promising to keep information private. Meanwhile, a class action lawsuit filed last year alleged Flo secretly collected data about users’ pregnancy attempts that was then shared with third-party companies. (The same lawyers also filed a separate lawsuit against Meta last month alleging the platform showed personalized ads based on existing health issues.)

Most of the apps flagged by Mozilla did not respond to Digiday when asked for a response about the findings. However, a spokesperson for Flo said in an email that the company doesn’t share health data externally and that making revenue from user data “would go against our core promise to our users.” (The spokesperson also noted Flo completed an “external, independent” privacy audit in March and announced a new “Anonymous Mode” in late June that will let users remove identifiers from their profiles.)

In other emailed responses, a Clue spokesperson provided links to May and July blog posts about privacy written by Clue’s co-CEOs while a Sprout spokesperson said Mozilla “incorrectly stated the app does not have a Privacy Policy” and that Apple and Google require all apps to have a privacy policy.

“Our Sprout Pregnancy app has always been privacy-focused and is one of the only pregnancy apps on the market that does not require an account to use the app (no username or password),” the Sprout spokesperson wrote. “And the app data is only backed up to the user’s personal iCloud or Google Drive account.”

According to Mozilla, others such as Period Tracker don’t give advertisers access to period info or other data that users put directly into the app, but still share data such as unique advertising IDs. Mozilla also points out that Glow Nurture & Glow Baby’s info in the Google Play store claims the company doesn’t share data with third parties, but the actual privacy policy says it shares data with a number of third-party advertisers. With Wachanga, a pregnancy tracker, the company’s website says it works with third-party advertising companies, which “may use general information about your visits to the Website, Wachanga Apps and Services as well as other websites in order to provide advertisements about goods and services of interest to you.”

In the case of Maya, the period tracker claims it won’t share identifiable information but does share “anonymized” information with advertisers. But Mozilla also noted a Privacy International report in 2019 that found Maya was sharing sensitive info with Facebook including mood and sexual activity. Other apps’ ad capabilities seem more limited. For example, with the Philips Digital-owned Pregnancy+ app, Mozilla noticed that the app encourages people to choose the “Gold” version for customized features including personalized advertising.

Mozilla isn’t the first organization to review pregnancy and period app privacy policies. Last month, the Organisation for the Review of Care and Health Apps (ORCHA)—an independent organization in the U.K. that reviews health care apps for government agencies—found that 84% of the 25 trackers and 24 app developers it reviewed shared data with third parties. While 68% shared data for marketing purposes such as contact lists, just 40% did so for research or to improve the app.

Alessandro Acquisti, professor of information technology and public policy at Carnegie Mellon University, described Mozilla’s findings as “a perfect example of how pervasive and yet insidious the costs of [losing] privacy can be.” That’s because personal information and the value of data change depending on the context.

“Losing one’s privacy therefore may mean as little as being served online ads you find intrusive, or as much as losing your reproductive rights,” Acquisti said via email. “In fact, the costs of losing privacy can be so diverse that they are hard to anticipate until they eventually materialize. This makes it difficult for all of us to fully realize the value of privacy ex ante.”

