Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Aug 2, 2023
Open Peer Review Period: Aug 2, 2023 - Sep 27, 2023
Date Accepted: Dec 8, 2024
(closed for review but you can still tweet)
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
The Fine Print: Exploration of Data Privacy Policies and the Threats Posed to Reproductive Health App Users
ABSTRACT
Background:
Although many mobile applications require the input of identifiable information, certain users are at a higher risk when the data collected is not properly stored and secured. With the changes in government, such as the overruling of Roe v. Wade just over a year ago, users in the US, specifically those of reproductive health apps, are susceptible to these risks. Limited studies have analyzed data privacy policies of reproductive health apps and considered the safety concerns associated with lack of user protection.
Objective:
This study aims to analyze the most commonly utilized reproductive health apps and their individual data policies, in addition to the differences between laws governing data in the United States and in the European Union.
Methods:
Four popular reproductive health apps, selected based on their popularity and country of origin, were downloaded for comparison of respective data use, storage, and sharing policies, demographic ratings, and data security measures. The THESIS Evaluation Tool was used to rate the privacy and security of the selected apps. A content analysis of existing data privacy laws was also conducted to determine efficiency of app use and data protection.
Results:
Findings indicated that while the four reproductive health apps have privacy policies intended to provide users with assurance of data security, there are loopholes that endanger their users. These can include collection of identifiable information with and without proper anonymization or encryption, the sharing of this data with analytical and marketing third parties, and the created accessibility of user information upon request from government agencies, whether through the app itself or third-party platforms. Three out of the four apps collect identifiable information, with one limiting data collection the most. Despite the pretense of not sharing data, all four apps do provide data to third parties, whose own privacy policies vary and may not align with data protection protocols.
Conclusions:
Personal data collected by the app, even unidentifiable, may be linked to specific users and shared with third parties. While there are pending laws pertaining to data privacy, responsibilities fall onto the individual apps themselves to ensure their user data safety.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.