In a significant settlement, Premom, the company behind a popular fertility app, has agreed to pay $200,000 in federal and state fines after allegations emerged that it had shared users’ personal health information without their consent. The Federal Trade Commission (FTC), along with the attorneys general of Connecticut, the District of Columbia, and Oregon, reached the settlement with Premom, which also includes a ban on sharing personal health information for advertising purposes.
The investigation revealed that Premom had been sharing users’ personal health data for years without their explicit consent, including sharing with Google and two Chinese companies. The FTC and the attorneys general assert that the app violated the Health Breach Notification Rule, a federal regulation, by collecting and sharing personally identifiable health information with third parties, despite claiming in its privacy policy that only non-identifiable data would be shared.
Furthermore, the complaint against Premom alleges that the app shared location information and device identifiers with Chinese data analytics companies, potentially exposing users’ identities to third parties. This revelation raises concerns about the privacy and security of user data, particularly considering the potential implications in light of increased scrutiny of fertility trackers and health information following the US Supreme Court’s ruling last year on federal protections for abortion.
The unauthorized sharing of personal health data affected hundreds of thousands of Premom users from 2018 to 2020. As part of the settlement, Premom must ensure the deletion of the data shared without users’ consent from third-party systems. The case serves as a reminder that healthcare decisions and personal information must be protected, especially in a climate where reproductive rights are under threat.
DC Attorney General Brian Schwalb emphasized the importance of safeguarding privacy in healthcare decisions, particularly in the face of increasing challenges to reproductive healthcare rights. The FTC echoed these sentiments, vowing to vigorously enforce health privacy rules and defend consumers’ health data from exploitation.
Premom, the parent company of the fertility app, has not yet provided a comment on the settlement. The resolution of this case underscores the need for companies to uphold their privacy policies and prioritize the security of user data in an era of growing concerns about privacy breaches and data misuse.
The settlement with Premom comes at a critical time when reproductive rights are facing challenges across the country, raising concerns about the potential impact on the privacy of healthcare decisions. The Supreme Court’s decision in Dobbs v. Jackson has led to the enactment of anti-abortion legislation that has put pressure on fertility apps, search engines, and other technology platforms to disclose user data in potential prosecutions of abortion-seekers.
The case against Premom highlights the urgency of protecting the privacy of healthcare choices, particularly in the face of potential encroachments on access to reproductive healthcare. DC Attorney General Brian Schwalb emphasized the importance of safeguarding personal information to prevent unlawful intrusion into effective reproductive healthcare.
Samuel Levine, Director of the FTC’s Consumer Protection Bureau, reiterated the agency’s commitment to combat health privacy abuses. Levine emphasized that Premom’s breach of privacy promises and compromise of consumer privacy will be met with vigorous enforcement of the Health Breach Notification Rule. The FTC’s focus is on defending consumers’ health data from exploitation and ensuring the accountability of companies that mishandle sensitive personal information.
As the use of fertility apps and digital health tools continues to rise, users must be confident that their personal health data is handled with utmost care and in accordance with their consent. The Premom case serves as a reminder to both app developers and users about the importance of robust privacy measures and transparency in data handling practices. Moving forward, regulatory bodies are likely to maintain a watchful eye on companies in the healthcare technology sector to ensure compliance with privacy regulations and the protection of user information.
With privacy concerns and data breaches becoming increasingly prevalent, it is crucial for companies in the healthcare industry to prioritize data security and establish robust safeguards to protect user information. Users, on their part, should remain vigilant about the data they share and regularly review privacy settings and terms of service to make informed decisions about the apps and platforms they use to manage their personal health information.