Personal health data shared with Facebook

Intimate personal health data is being shared with Facebook, according to a study from Privacy International (PI).

PI studied a range of period-tracking apps to see exactly what information was shared with the social network.It included sensitive details such as what contraception was used, when periods were due, and the type of symptoms experienced.

Since the findings were revealed, one app said it was changing its privacy policies.

Menstruation apps are used by women worldwide to help them keep a check on their monthly cycles or if they are keen to get pregnant, it can help them pinpoint their most fertile days.

Apps such as MIA Fem and Maya were allegedly found to be sending personal details of the users’ heath and sexual activity to Facebook.

The collecting and sharing of sensitive information would be especially concerning if there was ever a data breach and people’s sex lives were made public.

The apps can collect lots of intimate data including stuff about health, sex, moods, food and the types of sanitary products someone uses.

The recent investigation found that the most popular menstruation apps like Period Tracker, Period Track Flo and Clue Period Tracker did not share data with Facebook.

However, others such as Maya by Plackal Tech, MIA by Mobapp Development Limited and My Period Tracker by Linchpin Health did.

The Maya app has five million downloads on the Google Play Store alone, MIA has one million and My Period Tracker by Linchpin Health has over one million.

Sensitive data

Deeply sensitive data such as the use of contraception, the timings of periods, symptoms like swelling and cramps was also thought to have been sent to the social network.

Sharing to Facebook happens via the social network’s software development kit (SDK), tools that can be used by apps to help them make money by reaching advertisers who, in turn, provide users with personalised ads.

When a user puts personal information into an app, it may also be sent by the SDK to Facebook, though Facebook requires app developers to get user consent to do so. 

The report said: “When Maya asks you to enter how you feel and offers suggestions of symptoms you might have – suggestions like blood pressure, swelling or acne – one would hope this data would be treated with extra care. But no, that information is shared with Facebook.”

In a statement to the BBC, Maya said: “All data accessed by Maya are essential to the proper functioning of the product. Predicting information pertaining to menstrual cycles is complex and dependent on thousands of variables.

“Our users are made aware of our Terms and Conditions and Privacy Policy prior to signing up on Maya. Post sign up, our users can export their data and delete their account whenever they choose to.”

Facebook

Meanwhile, Facebook told the BBC: “Our terms of service prohibit developers from sending us sensitive health information and we enforce against them when we learn they are.

In addition, ad targeting based on people’s interests does not leverage information gleaned from people’s activity across other apps or websites.”

The social media giant recently announced that it will be launching a tool for users to stop businesses and apps sharing their personal information with the social network.

The collecting and sharing of sensitive information would be especially concerning if there was ever a data breach and people’s sex lives were made public.

PI says its findings raise serious concerns as to how such apps are compliant with the EU’s GDPR.

The responsibility should be on the companies to comply with their legal obligations and live up to the trust that users have placed in them when deciding to use their service”.

Scroll to Top