According to a recent complaint filed by the Federal Trade Commission (FTC), Premom, a popular fertility tracking app developed by Easy Healthcare, is accused of sharing users’ sensitive health information with third-party advertisers without consent. The FTC’s investigation revealed that since 2018, Premom had been sharing identifiable health and location data with Google and marketing firm AppsFlyer.
Premom, which allows users to track ovulation, periods, and other health information, collected and disclosed data on many users, potentially impacting “hundreds of thousands” of individuals. The shared information included details about users’ sexual and reproductive health, parental and pregnancy status, and other personal health conditions. Additionally, the app shared users’ location data, unique advertising identifiers, and device identifiers, which other advertisers could exploit to track users across various platforms and apps.
The unauthorized sharing of such sensitive data raises concerns about user privacy and the potential misuse of personal information. The FTC’s complaint against Premom highlights the importance of safeguarding user data and obtaining explicit consent for data-sharing practices.
A recent complaint filed by the Federal Trade Commission (FTC) reveals that Premom, a widely-used fertility tracking app developed by Easy Healthcare, unlawfully shared users’ sensitive health information with third-party advertisers. The FTC’s investigation uncovered that since 2018, Premom had provided identifiable health and location data to Google and marketing firm AppsFlyer without obtaining users’ consent.
Premom’s Unauthorized Data Sharing Raises Privacy Concerns and Violates Promises
The FTC complaint states that the shared data allowed third parties to link fertility and pregnancy information “to a specific individual,” raising serious privacy concerns. This unauthorized data sharing violated Easy Healthcare’s privacy policies, which explicitly promised to share only “non-identifiable data” with third parties, thus violating the FTC’s Health Breach Notification Rule.
“Premom broke its promises and compromised consumers’ privacy. We will vigorously enforce the Health Breach Notification Rule to defend consumers’ health data from exploitation. Companies collecting this information should be aware that the FTC will not tolerate health privacy abuses,” Samuel Levine, FTC’s Bureau of Consumer Protection director, said.Â
In addition to sharing data with Google and AppsFlyer, Easy Healthcare allegedly shared users’ identifiable information with two China-based mobile analytics companies, Jiguang and Umeng, known for their questionable privacy practices. The data transferred to these firms between 2018 and 2020 reportedly included IMEI numbers, unique device identifiers, and precise geolocation data.
Connecticut attorney general William Tong stated that sharing users’ sensitive identifiable data with these Chinese analytics companies further compounds the privacy concerns associated with Premom. Such data transfers without explicit user consent raise significant issues regarding data security and the potential misuse of personal information.
Premom Case Highlights the Importance of Privacy Policies and Consent in Protecting Health Data
The FTC’s complaint against Premom underscores the need for strict adherence to privacy policies, protecting sensitive health data, and obtaining user consent for data-sharing practices. This case serves as a reminder of the responsibility companies bear in safeguarding user privacy and complying with regulations surrounding handling sensitive health information.
The Federal Trade Commission (FTC) has accused Easy Healthcare, the Premom fertility tracking app developer, of knowingly sharing users’ sensitive health information with third-party advertisers without proper consent. According to the FTC complaint, Easy Healthcare has provided identifiable health and location data to Google and marketing firm AppsFlyer since 2018, violating their privacy policies and the FTC’s Health Breach Notification Rule.
The FTC alleges that Easy Healthcare knew that the data shared with Chinese analytics companies Jiguang and Umeng could be used for their business purposes or transferred to additional third parties. The company reportedly ceased sharing data with Umeng in 2020 after being informed by Google that the data transfer violated Google Play Store policies.
Under a proposed settlement filed by the Department of Justice, Easy Healthcare has agreed to pay a $100,000 civil penalty for violating the FTC’s Health Breach Notification Rule. Additionally, Easy Healthcare will pay $100,000 to the states of Connecticut, Oregon, and the District of Columbia, which assisted in the FTC’s investigation.
This case represents the second enforcement action by the FTC for violating the Health Breach Notification Rule. In February of this year, the agency reached a settlement with online pharmacy GoodRx for failing to disclose personally identifiable health information sharing with Facebook, Google, and other third parties.