Fertility App Sued Over Non-Consensual Data Sharing

Written by

The Illinois company behind a popular fertility app is being sued for allegedly sharing user data with third-party companies without first securing users' consent. 

Easy Healthcare Corp, based in Burr Ridge, is the developer of ovulation tracking app Premom, which helps users to identify the days on which they are most likely to conceive. 

lawsuit filed against the company alleges that a variety of sensitive data belonging to app users was shared non-consensually with at least three different firms located in the People's Republic of China (PRC).

Information allegedly shared includes sensitive healthcare information, device activity data, geolocation data, user and advertiser IDs, and device hardware identifiers. 

Among the identifiers allegedly shared were Wi-Fi media access controls or MAC addresses, router MAC/BSSID addresses, and router SSID (Service Set IDs). Because the identifiers do not change, they can be combined with other data to gather information on app users' religion, health, political views, interests, and other sensitive data. 

The plaintiff bringing the suit said she discovered that Easy Healthcare Corp had shared her data with Jiguang (Aurora Mobile Ltd), Umeng, and UMSNS, an activity analysis, precision marketing, financial risk control, and location-based analysis services provider. 

According to the suit, the plaintiff's data was shared with the Chinese companies for three years without her knowledge or consent and is now stored on servers in China, where it is at risk of being seized by the Chinese government.

It is further alleged that Easy Healthcare profited from sharing the data with the Chinese firms and that the company misrepresented its data-sharing practices. 

According to the lawsuit, the Premom privacy policy states, “We will not share or sell your personal data to advertising platforms, data brokers, or information resellers,” so sharing such data would be a direct policy violation.

The plaintiff also claims that user data is recorded every time Premom users unlock or use their phone, regardless of whether they are using the Premom app. If true, this violates Google Play’s developer policies.

An attorney representing Easy Healthcare told Information Security Media Group: “The allegations are without merit, and Easy Healthcare is confident it will prevail."

What’s hot on Infosecurity Magazine?