Regulator to Investigate Fertility App Security Concerns

Written by

The UK’s data protection regulator is set to review how period and fertility tracking applications process user information, after revealing that many women have concerns.

The Information Commissioner’s Office (ICO) said it has contacted the developers of many of these apps to find out more. It also wants users to come forward and share their experiences.

The regulator claimed that over half of women responding to a recent poll said that transparency over how their data is used (59%) and data security (57%) are bigger concerns when choosing an app than cost (55%) and ease of use (55%).

Additionally, over half of those who use the apps claimed they had noticed an increase in baby or fertility-related adverts since signing up. Although some viewed these ads positively, 17% described them as “distressing,” according to the ICO.

Applications designed to help women manage their menstrual cycles and plan or prevent pregnancy are increasingly popular: the ICO claimed a third of British women have used them.

Read more on the ICO’s work: ICO Warns of “Immature” Biometric Tech

Among the potential harms the regulator will investigate are complicated and confusing privacy policies, apps requesting or storing excessive volumes of personal data, and users receiving upsetting targeted ads they didn’t sign up to.

ICO deputy commissioner of regulatory policy, Emily Keaney, said the watchdog wants to ensure women can use tracking apps with confidence – adding that feedback from users will help it better understand which areas need improvement, as well as the benefits they offer to women.

“As with all health apps, we would expect organizations to safeguard their users’ privacy and have transparent policies in place,” she explained.

“This review is intended to establish both the good and bad of how the apps are working currently. Once we have more information, we will explore next steps, but we will not hesitate to take regulatory action to protect the public if necessary.”

In separate news, the ICO warned developers of connected devices yesterday that it expects them to comply with data protection laws.

“To maintain trust in these products companies must be transparent about the data they collect and how they use it, and ensure that the data is not used or shared in ways that people would not expect,” argued executive director for regulatory risk, Stephen Almond.

“The ICO is developing guidance on data protection and Internet of Things devices and we will act where we don’t see the rules being followed.”

The statement was issued in response to a new Which? report that warned of excessive data collection practices in the industry.

What’s hot on Infosecurity Magazine?