EXPERT REACTION: All the ways your menstrual tracking data can be misused

Menstrual cycle tracking apps are a “gold mine” for consumer profiling, collecting information on everything from exercise, diet and medication to sexual preferences, hormone levels and contraception use, according to a University of Cambridge report.

A report from Cambridge’s Minderoo Centre for Technology and Democracy argues that the financial worth of this data is “vastly underestimated” by users who supply profit-driven companies with highly intimate details in a market lacking in regulation.

The report’s authors caution that cycle tracking app (CTA) data in the wrong hands could result in risks to job prospects, workplace monitoring, health insurance discrimination and cyberstalking – and limit access to abortion.

They call for better governance of the booming ‘femtech’ industry to protect users when their data is sold at scale, arguing that apps must provide clear consent options rather than all-or-nothing data collection, and urge public health bodies to launch alternatives to commercial CTAs.

“Menstrual cycle tracking apps are presented as empowering women and addressing the gender health gap,” said Dr Stefanie Felsberger, lead author of the report from Cambridge’s Minderoo Centre. “Yet the business model behind their services rests on commercial use, selling user data and insights to third parties for profit.”

“There are real and frightening privacy and safety risks to women as a result of the commodification of the data collected by cycle tracking app companies.”

As most cycle tracking apps are targeted at women aiming to get pregnant, the download data alone is of huge commercial value, say researchers, as – other than home buying – no other life event has such dramatic shifts in consumer behaviour.

In fact, data on pregnancy is believed to be over two hundred times more valuable than data on age, gender or location for targeted advertising. The report points out that period tracking could also be used to target women at different points in their cycle. For example, the oestrogen or ‘mating’ phase could see an increase in cosmetics adverts.

Just the three most popular apps had estimated global download figures of a quarter of a billion in 2024. So-called femtech – digital products focused on women’s health and wellbeing – is estimated to reach over US$60 billion by 2027, with cycle tracking apps making up half of this market.

With such intense demand for period tracking, the report argues that the UK’s National Health Service (NHS) should develop its own transparent and trustworthy app to rival those from private companies, with apps allowing permission for data to be used in valid medical research.

“The UK is ideally positioned to solve the question of access to menstrual data for researchers, as well as privacy and data commodification concerns, by developing an NHS app to track menstrual cycles,” said Felsberger, who points out that Planned Parenthood in the US already has its own app, but the UK lacks an equivalent.

“Apps that are situated within public healthcare systems, and not driven primarily by profit, will mitigate privacy violations, provide much-needed data on reproductive health, and give people more agency over how their menstrual data is used.”

“The use of cycle tracking apps is at an all-time high,” said Prof Gina Neff, Executive Director of Cambridge’s Minderoo Centre. “Women deserve better than to have their menstrual tracking data treated as consumer data, but there is a different possible future.”

“Researchers could use this data to help answer questions about women’s health. Care providers could use this data for important information about their patients’ health. Women could get meaningful insights that they are searching for,” Neff said.

In the UK and EU, period tracking data is considered “special category”, as with that on genetics or ethnicity, and has more legal safeguarding. However, the report highlights how in the UK, apps designed for women's health have been used to charge women for illegally accessing abortion services*

In the US, data about menstrual cycles has been collected by officials in an attempt to undermine abortion access.** Despite this, data from CTAs are regulated simply as “general wellness” and granted no special protections.

“Menstrual tracking data is being used to control people’s reproductive lives,” said Felsberger. “It should not be left in the hands of private companies.”

Investigations by media, non-profit, and consumer groups have revealed CTAs sharing data with third parties ranging from advertisers and data brokers to tech giants such as Facebook and Google.

The report cites work published last month from Privacy International showing that, while the major CTA companies have updated their approach to data sharing, device information is still collected in the UK and US with “no meaningful consent”.

Despite data protection improvements, the report suggests that user information is still shared with third parties such as cloud-based delivery networks that move the data around, and outside developers contracted to handle app functionalities.

At the very least, commercial apps could include delete buttons, says Felsberger, allowing users to erase data in the app as well as the company servers, helping protect against situations – from legal to medical – where data could be used against them.

“Menstrual tracking in the US should be classed as medical data,” said Felsberger. “In the UK and EU, where this data is already afforded special category status, more focus needs to be placed on enforcing existing regulation.”

The report stresses the need to improve public awareness and digital literacy around period tracking. The researchers argue that schools should educate students on medical data apps and privacy, so young people are less vulnerable to health hoaxes.

The report ‘The High Stakes of Tracking Menstruation’ is authored by Dr Stefanie Felsberger with a foreword by Professor Gina Neff and published by the Minderoo Centre for Technology and Democracy (MCTD).

Notes:

*Case studies – UK:

Women accessing illegal abortions:

According to the British Pregnancy Advisory Service (BPAS), from 1967 to 2002 only three women were convicted of having an illegal abortion in England and Wales, but since then the number has increased drastically.  Abortion provider MSI reports of almost ‘60 criminal inquiries in England and Wales since 2018, compared with almost zero before’.

The increased number of investigations does not mean more illegal abortions are taking place, but indicates increased police focus on miscarriages and unexplained cases of pregnancy loss, leaving judges ‘flabbergasted’ as to why some cases reached court.

Women suspected of illegal abortions are pushed into tests during hospital stays after procedures without legal representation. Police have also repeatedly requested data from abortion providers on people who have been turned away from a BPAS clinic because they were over the legal limit for an abortion (which the BPAS has refused to provide). Those under investigation routinely have their phones and other electronic devices confiscated. Police have also made requests for data from menstrual tracking applications in the course of police investigations.

Abortion civil rights organisations have raised their concerns over the use of CTA data in investigations. It is not only data from CTAs, but also text messages and search history that have been used in investigations. Nonetheless, the threat of CTA data being used in police investigations in the UK is of great concern to users. This is taking place in a context where the UK government has put pressure on tech companies to develop inbuilt backdoors into the encrypted services they offer.

**Case studies – US:

Tracking data as court evidence

In 2015, Jeannine Risley reported being sexually assaulted at her boss’ home where the police found a knife, overturned furniture, and a bottle of vodka. She informed police that she lost her FitBit in the struggle with the assailant. When her FitBit was recovered and its data downloaded, the tracker’s movement and heart rate data was taken as contradictory evidence to Risley’s testimony. Risley was charged with making a false report to the police and fabricating evidence.

Preventing abortion access in the United States

Two cases in the US have demonstrated the continuing use of menstrual data against those with periods. In Missouri, the state’s health department kept track of the menstrual cycles of patients in an attempt to investigate failed abortions. Officials also tracked medical ID numbers, gestational age of foetuses, and dates of medical procedures. The investigation led to the withholding of St. Louis’ Planned Parenthood license and led to a state hearing. During President Trump’s first administration, the Office of Refugee Resettlement tracked and monitored the menstrual cycles of unaccompanied minors seeking asylum as part of efforts to prevent them from accessing abortions, even in cases of rape.  The spreadsheet containing dates of menstrual cycles, how long people had been pregnant, whether sex had been consensual, and if they had requested abortion access was made available to the public through a freedom of information request and published by MSNBC.

While in these examples the data did not come from menstrual trackers, but was compiled by others about people’s menstrual cycle, it illustrates how central menstrual tracking data is in efforts to prevent access to abortion services.