Four out of five of the UK’s most popular period tracking apps share personal data with third parties, a report published today reveals.
Experts criticised the ‘cavalier’ treatment of sensitive personal information and warned it means women’s health data could be being used to target them with tailored advertising.
The analysis of 25 of the most popular menstrual cycle tracker apps in the UK was carried out by the Organisation for the Review of Care and Health Apps (ORCHA), an independent company which assesses health app safety for the NHS.
It found 21 out of the 25 apps analysed – 84 per cent – shared at least some data with external third parties, while 24 out of 25 shared users’ health data with the app developer.
Of those which shared data with third parties, nearly 70 per cent did so for ‘marketing purposes’, while 40 per cent said they shared it for ‘research’ and 40 per cent said they shared it for improving developer services of the app.
Data shared could include details of sexual activity, contraception use and when a user’s period stops and starts. Contact details of users who tracked their periods were also being sold on as marketing contact lists.
Study found 21 out of the 25 apps analysed – 84 per cent – shared at least some data with external third parties
Period and fertility tracking apps have become increasingly popular in the last decade, with the London-based app ‘Flo’ alone having 200 million users worldwide.
Cycle trackers make up the majority of the booming ‘femtech’ market, which was worth $22 billion in 2020 and is predicted to be worth $60 billion in 5 years’ time.
Commenting on the report, health technology expert and GP Dr Marcus Baw said: ‘This data is incredibly valuable to companies with a direct or indirect interest in knowing who is fertile, who is pregnant and who isn’t, or who might be having fertility issues.
‘It’s entirely possible that companies could even use this kind of data to target people with, say, more emotion-driven adverts at a time in their cycle when they’re likely to be more vulnerable to emotional pulls.’
He said that companies were required by UK law to tell users what their data was being used for, but that this information was often buried in terms and conditions or privacy policy which few people read thoroughly before signing up.
Although consumers in the UK have the right to request the data a company holds on them, companies do not have to provide specific details about who they share it with or which parts of the data have been passed on.
The fact that apps are sharing sensitive personal data with third parties adds weight to growing concerns about how data could be misused for surveillance of women, following the controversial overturning of the Roe vs Wade abortion ruling in the US, he added.

Cycle trackers make up the majority of the booming ‘femtech’ market, which was worth $22 billion in 2020 and is predicted to be worth $60 billion in 5 years’ time
Fatima Ahmed, an obstetrics and gynaecology doctor and ORCHA’s clinical lead for women’s health, said: ‘It’s alarming that some of these innovative new tools seem to have been cavalier with women’s very intimate information.
‘It is important… that we protect patient information at all costs. Breach of data is a breach of trust with a patient. Even when patients give consent, it is for a particular reason. It’s never an open and free-for-all access to share.’
The Data Privacy Matters… Period report, published today, revealed the results of researchers’ analysis of the apps against 350 different metrics, including data security, compliance with GDPR and data protection laws, usability and medical accuracy.
It found nearly half failed to meet minimum data security requirements, while only one specifically asked users within the app for their permission to share their data. Others buried this within the terms and conditions or a privacy policy.
Researchers also found that once users signed up to an app and agreed their data could be used, it could be difficult to withdraw consent.
Almost half of the apps tested which processed personal and sensitive data demonstrated poor compliance with GDPR (General Data Protection Regulation) legislation.
And five offered no email address or contact number through which users could request their data be deleted – despite this being a legal requirement.
Only five reached the minimum quality standards to be added to ORCHA’s digital library, which is used by NHS doctors to recommend approved health apps to patients.
And just two – FitBit and Natural Cycles – were recommended as safe and secure.

Study found 21 out of the 25 apps analysed – 84 per cent – shared at least some data with external third parties
The report did not name the apps which scored poorly.
But it said apps that passed the quality threshold were typically broader health apps which offered simple period tracking, such as Fitbit, rather than those offering sophisticated women’s health and fertility monitoring.
It said: ‘It is clear that this is a market of low quality apps… This is particularly worrying, given the high consumer demand for women’s health apps and lack of regulation in app stores.’
The Apple and Google Play app stores were approached for comment but did not respond.
***
Read more at DailyMail.co.uk