Research from UK-based advocacy group Privacy International has uncovered period-tracking apps sharing sensitive data with third parties, including Facebook. Tracking apps like Maya and MIA Fem, which boast millions of users across the world, have allegedly been sharing information including the timing of their users’ periods, recorded menstrual symptoms, moods and logged sexual activities.
The research claims this data is shared with Facebook through its Software Development Kit (SDK). The kit, which contains software development tools and helps developers incorporate features, also allows Facebook to routinely receive user data. The report alleges that Facebook receives information on the user regardless of whether they have an account and irrespective of whether they are logged in to the site.
After the report was published, Maya removed Facebook’s Software Development Kit from its app, and a spokesperson denied any breach of consumer data. Facebook has also denied receiving information from the tracking apps.
Why is this important?
Personal and sensitive information relating to health is highly valuable to advertisers for ad targeting. Sharing information relating to a user’s mood, symptoms or sexual activities allows advertisers to target them with specific products and services.
Jamal Ahmed, lead Privacy and GDPR compliance consultant for Kazient Privacy Experts, comments, “It is extremely disturbing to learn that these organisations have little respect for the privacy rights of their users and the privacy legislation. The GDPR explicitly protects special category data – including personal information related to health – from being shared in such a fashion. I would encourage all European citizens that are users of these apps to complain to the supervisory authority in their country. If you are a user in the UK, you can file a complaint with the ICO.”
What does this mean for GDPR?
On the companies’ side, privacy policies tend to be presented in convoluted language, which makes it difficult to determine how the information is processed. In addition, most users do not read privacy policies in their entirety, opting instead to trust that their information will be processed and used in a confidential manner.
Given this invasion of such sensitive private information, it remains to be seen how the regulation will adapt to fix this loophole and what the Information Commissioner’s Office will do to hold the app companies accountable.