Premom’s Data Selling Controversy: A Closer Look at Privacy Concerns
Premom, a widely used fertility app available on Android and Google Play, has recently faced scrutiny for its involvement in selling customer data to Chinese companies. The app claims to assist individuals in achieving pregnancy through natural methods by providing fertility and ovulation tracking features. However, it has come to light that Premom has been selling user data to multiple Chinese entities, raising concerns about privacy and data protection. While the compromised data does not include medical information, it encompasses relatively mundane details such as location data, information on installed applications, and unique device identifiers that can be used for tracking users across websites.
This revelation emerged from the research conducted by the International Digital Accountability Council (IDAC), an independent non-profit organization dedicated to ensuring a fair and trustworthy digital marketplace for consumers worldwide. IDAC shared its findings with the Washington Post, revealing that Premom may have violated data privacy laws in Illinois, where the company is based, by collecting and selling user information without proper consent.
Premom is not the only pregnancy app involved in such activities. Consumer Reports has identified five period tracking apps that share data with advertisers. Among them, Ovia shares data with employers and insurance companies as part of wellness programs.
Premom had partnered with three Chinese companies: Jiguang, Umeng, and UMSNS. Jiguang’s access was terminated after IDAC contacted the company, while Umeng and UMSNS maintained access until June 19. One concern raised by privacy researchers is that Jiguang was transmitting data using customized encryption, similar to the approach employed by TikTok prior to its exposure in November 2019.
Numerous questions arise from this scenario. Why are Chinese companies interested in purchasing specific data about pregnant women? Why did Premom deem it ethical to sell location and tracking data to Chinese entities? What purpose would such data serve for the buyers?
The answers to these questions shed light on the situation. All data holds value for someone, and in today’s digital landscape, data is often treated as a dimensionless commodity, conveniently overlooking its potential harm to individuals. Geographical data of women trying to conceive can be combined with tools like Google Maps to de-anonymize the information or utilized for general advertising purposes, which is a more common practice.
In a challenging economic climate, companies may resort to purchasing data to identify employees who may be attempting to get pregnant, potentially targeting them for downsizing. Since it is illegal to directly inquire about an employee’s pregnancy intentions, some companies may opt to acquire such data instead. Having an app like Premom installed on a device is essentially an indication of a user’s intent to have children.
The more mundane explanation, that the data was primarily used for advertising, offers little reassurance. Once data is on the market, it can be used in various ways, and there is currently no federal privacy law in place to address the privacy concerns associated with the modern internet. Numerous companies engage in the buying, selling, and sharing of data from multiple sources, as evidenced by Facebook’s data-sharing practices with firms like Amazon, Microsoft, Netflix, and Spotify. Possessing someone’s location data equates to knowing their identity, making this issue particularly relevant in 2020.
Even if Premom strictly enforces privacy restrictions within its own operations, selling data relinquishes control over how that information will be used, aggregated, or further sold.
Given that pregnancy is a medical condition and that pregnant women are often targeted and harassed by unscrupulous employers, pregnancy apps should never sell location data under any circumstances. Consumer Reports has highlighted that none of the period tracking apps it reviewed met their privacy expectations, as all of them sell user data to third parties, with three out of the five requiring real names.
The problem lies not only in Premom selling data to Chinese companies but in the act of selling data itself. Criticizing China’s data practices without acknowledging the serious issues surrounding data usage by the US government and various American corporations would be unfair.
Instances like the Secret Service employing location data to gather information prohibited without a warrant, or police departments deploying devices like Stingrays without court oversight, demonstrate a lack of proper balance in terms of digital privacy standards. Moreover, police departments collaborate with license plate reader manufacturers to track individuals for corporate debt collection. Location data is increasingly wielded against people who may not even be aware that they are being monitored.
While the United States is not China, it does not set a strong example when it comes to adequately balancing evolving digital privacy standards with the reasonable expectation that downloading an app does not equate to volunteering intimate details of one’s life, linked with unique identifiers and location tracking. The fact that Premom sells data for advertising purposes does not guarantee that it will be used solely for advertising.