Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.
Press "Enter" to skip to content

Regulating femtech and menstrual data: an opportunity to take privacy seriously 

Millions of women worldwide put their trust in apps to track and record their menstrual data, but over the past few years various ‘scandals’ from reported unplanned pregnancies, to sharing of data with police have underscored the urgent need for better protection of user privacy and data due to the sensitive information this technology stores, processes and shares. If women’s bodies, and our data, are increasingly regulated by the demands of a growing market of personal health technologies, we must take this opportunity to challenge bias and ignorance of women’s health and interests so that these do not become ingrained in new frameworks.

The rise of femtech 

Women have been tracking their menstrual cycle since time immemorial, from recording symptoms via notches on bones to written calendars. In the 2010s, the tracking and recording of menstrual data moved into the digital sphere with the boom of smartphone technologies and apps. This new method of tracking via apps is a part of the broader ‘femtech revolution’ which has received increasing attention in light of its exponential growth in the past few years. Femtech is a category of personal health tracking technology aimed specifically at women, the majority of which focuses on fertility and menstrual health. Menstrual tracking apps are, in essence, a digitisation of the ‘calendar’ or ‘rhythm’ method. Users can input their symptoms (e.g. discharge, bleeding, cramps) alongside other information (e.g. sexual activity). The app’s algorithm then predicts when the user’s next cycle is due to occur, and even when the user is likely to be fertile. The proliferation of apps with algorithms that predict user ‘fertile windows’ came in short succession after the menstrual tracking app boom, with some companies using the latter to offer would-be users a form of ‘digital contraception’. In other words, using the very same algorithmic version of the calendar method, some companies now offer their apps as an effective way to prevent pregnancy.

Intimate data for ‘empowerment’: a fair exchange? 

It is estimated that in 2021 the femtech market was worth $51 billion, and by 2030 its market worth is expected to reach $103 billion. A multi-billion dollar industry, femtech sells the promise of knowledge, empowerment and control over one’s body via messaging shrouded in feminist language about improving women’s menstrual and sexual health practices.  Despite the rhetoric of knowledge, power and control, one cannot consider any empowering effects of femtech (real or perceived) without accounting for these companies’ modus operandi: profit. That profit is primarily (although not solely) gained by the increasingly popular and lucrative business model of data extraction, often without users’ meaningful consent. These types of femtech are, in essence, the surveillance and monetisation of menstruation. But if women are gaining benefit through knowledge, surely this exchange of data for information is a win/win?

Data sharing is frequently framed in terms of two contradictory logics: public benefit and private corporate gain. Dichotomising these two aims is perhaps unhelpful given the complexity of experiences empirical evidence suggests users have of their apps. Indeed, gathering of user data is not, in and of itself, nefarious nor necessarily is the enterprise of femtech. There is nuance to be had here, and reports of both the positive and negative effects of menstrual tracking may be true at the same time. On the one hand, there is strong evidence to suggest several menstrual trackers and/or digital contraceptives are not as effective as their claims suggest (therefore running the risk of leading to unplanned pregnancy). On the other hand, there is also evidence to suggest some users report positive benefits to understanding their cycle more. There are mixed reviews from users as to the welcomeness of targeted advertising (ranging from baby products to menopause products) that can result from third-party data sharing. What is clear is how data is collected, used and shared by femtech companies can impact and shape the lives of those who share their information, for better or for worse.

A double-edged sword 

With regards to data and privacy, legal constraints on data processing and sharing vary jurisdictionally. In most cases, menstrual tracking or digital contraceptive apps operate through a notice and consent system. Through this mechanism, once data is shared users lose control over how their personal data is used by companies and any third-parties it is shared with. Data sharing is of course regulated by the Data Protection Act 2018 in the UK (alongside the UK General Data Protection Regulation). Nonetheless, challenges have arisen with regard to ensuring data protection law is put into practice. Indeed the Information Commissioner’s Office (ICO) has recently commissioned a review of femtech apps’ data security, after warning that they would be ‘going after providers of women’s health apps and auditing them, and getting them to change any practices that are non-compliant’. Unfortunately, data security and privacy law in practice is one part of a larger picture of the ways in which user data is used. In the past few years, the regulation of user data arising from such apps has become increasingly important for a number of reasons. In the United States, for example, there have been numerous reports of data from menstrual tracking apps being used to prosecute women who have attempted to obtain, or sought, an abortion after the overturning of Roe v Wade in 2022. Concerningly, it has also been reported that British police have requested data from menstrual tracking apps when investigating women for unexplained pregnancy loss. This is set against a backdrop of a marked increase in reports of these types of investigations and cases against women in the UK, which has been highlighted by the case of Carla Foster.

A regulatory opportunity 

Unfortunately, it is not news that women’s bodies are surveilled, marginalised and deprioritised in health and other socio-political contexts more broadly. Femtech has been hailed as an answer to this, but many ingrained biases and norms about women’s health and bodies have been transferred to this context. However, the relative newness of this technology presents an opportunity to challenge this adage in contemporary legal and regulatory frameworks. There is a clear juxtaposition of the empowerment felt by many femtech users at increased knowledge (and therefore choices about menstruation and fertility by inputting data) and the overarching power that big tech, and the state, can exert over users where their data is processed and shared. With regards to protecting user data, the ICO’s review is a positive step, but menstrual tracking and digital contraception will undoubtedly continue to evolve and grow in demand. It is therefore crucial that data protection and privacy law is future-proofed so that information is protected in a way that users would reasonably expect.

_____________________________________________________________________

About the Author 

Dr Catriona (Katy) McMillan is a Lecturer in Medical Law at the University of Edinburgh. Her research focuses on the law and regulation of reproduction, with a particular focus on reproductive technologies. The initial research for her project on the regulation of femtech was funded by the British Academy.

_____________________________________________________________________

Photo by Firmbee.com on Unsplash

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel