How period tracker concerns have brought data privacy issues into the foreground

By Fraser Edwards, co-founder and CEO at cheqd.

The recent period tracker scandal has sharpened conversations about data privacy and imbued them with a new immediacy. In the aftermath of the U.S. Supreme Court’s decision to overturn Roe vs Wade, numerous women were urged by the White House to delete their period trackers. Many worried that the personal health data stored in the apps could potentially be subpoenaed by state authorities and used against them in a hypothetical criminal abortion case.

This violation of data privacy came as a shock for many individuals, serving as their first exposure to the limitations of the current data ownership model, which places control of users’ data into the hands of third parties. However, arguably one of the most shocking things about this turn of events is that it is not that surprising. Instead, it comes as only the latest example in a long list of health apps consistently violating users’ privacy by accessing, storing, monetizing, and giving away their most personal information without permission.

The uptick in health apps violating data privacy has brought to the fore an endemic and underlying conundrum: how can we continue to reap the benefits of these apps while ensuring our most sensitive data is protected? Could alternative models of data ownership, like self-sovereign identity (SSI) or decentralized identity, which puts individuals in complete control of their data, play a part in changing the narrative around data privacy?

The number of people downloading health apps shot up during the pandemic, with usage increasing by over 37 percent. These apps ranged from virtual doctor’s appointment services to period trackers, symptom checkers and step counters. Undoubtedly, they have helped empower people to take control of their health, when their well-being seemed particularly precarious.

Nonetheless, some health apps have been at the centre of disputes over data privacy. A recent investigation into the 23 most popular femtech apps found that only 16 of the apps displayed a privacy policy, and only 12 requested consent from users. Twenty out of the 23 apps also shared data with third parties, and three apps started collecting data before obtaining the user’s permission. Elsewhere, a separate study in the British Medical Journal found that a staggering 47 percent of health and fitness-related apps on Google Play fail to comply with their privacy policy.

As a 2018 New York Times investigation showcased, the data that these apps collect on individuals is not trivial. An enormous amount of information about an individual’s preferences and activities can be deduced through apps tracking their location data alone. This data can be assembled into a pattern, analyzed, monetized and then used in harmony with other apps, merging data sets to offer a broad spectrum of insight and continual learning about an individual’s personal life and well-being.

This tangle of contradictions illustrates the central problem at the heart of the current data ownership and monetization models. Although health apps have value and many have tangible outcomes for users, such as quitting smoking, most apps are delivered ‘over the top’ of the healthcare value chain. Therefore, app providers need to monetize differently. The second contradiction is the app’s need for more and more data from its users. By providing more data and information, users are more likely to get personalized recommendations, leading to more significant outcomes. However, an app requesting more data feels like a gross intrusion of privacy and can lead to potential and unintended consequences.

As long as third parties retain control of an individual’s data, personal data will start to feel like a trap, that is used to track and influence users without adequately reimbursing them for the massive financial returns that their data generates in the first place.

SSI, also known as decentralized identity, is one solution that could help end this problem by enabling the creation of an alternative data ownership model that puts individuals entirely in control. Instead of fragmented pockets of data owned by different third-party institutions, individuals would be able to see all their health data together and then selectively disclose that data to third parties as and when they choose.

By allowing the individual to house and store their data, decentralized identity would thus put a stop to companies exploiting or sharing an individual’s information. Furthermore, the technology’s decentralized nature would also help prevent the creation of centralized data silos that could prove a ripe ground for hackers, helping to ensure further that the user’s private information remains firmly in control.

Over the past few years, health apps have become fundamental to maintaining our well-being. Indeed, a recent survey showed that 26 percent of the UK public would rather use health apps than visit a GP or hospital. This trend is certainly set to grow. Imagine enabling apps monetization within healthcare value chains – for instance, as part of social prescribing or a health insurance package? There are studies already showing the use of VR apps for treatment of PTSD or phobias. Importantly, for digital health to reach its full potential, integrating apps into routine clinical practice and in partnership with healthcare professionals will be essential. Wouldn’t it be great, for example, if doctors could prescribe apps and pay for them in the same way as they get paid for medicines? Wouldn’t it be good if the patients could get paid for using the app e.g. to get vaccines? This helps the GP practice get paid and reduces risks for the health insurer.

However, to continue safely reaping the benefits of these apps, we need an urgent reassessment of unethical data practices. While the recent scandal over period trackers has brought privacy issues into the foreground with a new immediacy, health apps have a long and shady history of privacy violations. Therefore, telling individuals to delete or disable these apps is no longer enough. We need to think bigger, embracing the potential of alternative data ownership controlling models, like SSI, to create a safer online experience for all. One that looks to not only protect but add value to healthcare, as digital security has the power to allow the industry to leverage technology and begin to aid in patient treatment without patients fearing personal data intrusion or security breaches.

About the author

Fraser Edwards (CEO), has a rare skillset, blending technology and business acumen and rarer experience. He has deep consortium and self-sovereign identity knowledge. He’s led the Known Traveller Digital Identity (KTDI) project with the World Economic Forum and Dutch and Canadian governments amongst the stakeholders. He also has blockchain payments expertise through architecting cross-blockchain payments on the Jasper-Ubin project with the Singaporean and Canadian Central banks. Fraser has patents in cross-ledger payments. His career has been a series of unique challenges, one after the other and he is thrilled to be taking on the adoption of self-sovereign identity as his next.

DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.

Article Topics

biometrics  |  cheqd  |  data privacy  |  decentralized ID  |  digital identity  |  healthcare  |  mobile app  |  self-sovereign identity