The developer behind the fertility and ovulation-tracking app Premom shared sensitive user health data with third parties, the Federal Trade Commission said on Wednesday, announcing a $200,000 settlement.
“Premom broke its promises and compromised consumers’ privacy,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, in a statement. “Companies collecting this information should be aware that the FTC will not tolerate health privacy abuses.”
The FTC accused Premom’s developer, Easy Healthcare, of deceiving users by sharing their personal information with two China-based firms and other third parties — and sharing sensitive health data with AppsFlyer and Google. The FTC also says Easy Healthcare didn’t notify consumers of the unauthorized disclosures as required under the Health Breach Notification Rule.
The data Easycare shared with third parties “revealed highly sensitive and private details about Premom’s users and led to the unauthorized disclosure of facts about an individual user’s sexual and reproductive health, parental and pregnancy status, as well as other information about physical health conditions and status,” the FTC said.
According to the complaint, Premom didn’t adequately encrypt user data and didn’t limit how third parties used the data.
FTC on Wednesday announced a proposed order that would have Easy Healthcare pay a $100,000 civil penalty for violating the Health Breach Notification Rule and another $100,000 to Connecticut, the District of Columbia and Oregon, for violating those areas’ laws. The settlement still needs a judge’s sign-off, as of the FTC’s latest release on the topic.
The developer would also be “permanently prohibited from sharing user personal health data with third parties for advertising” and “required to seek deletion of data it shared with third parties” among several other restrictions and requirements.
“We recently reached a settlement with the FTC. Our agreement with the FTC is not an admission of any wrongdoing. Rather, it is a settlement to avoid the time and expense of litigation and enables us to put this matter behind us and focus on you, our users,” reads a statement on the Premom website.
“Rest assured that we do not, and will not, ever sell any information about users’ health to third parties, nor do we share it for advertising purposes.”
The Supreme Court’s decision last year to overturn Roe v. Wade sparked new concern about user data privacy on period-tracking apps and how the information could be used to identify women seeking abortions.
