In the last decade, the internet has quickly become a staple in American society. For Americans today, the internet is not a luxury, but rather, a necessity in many respects.  With the development of modern technology and the invention of smart phones and apps, Americans have become reliant on their devices to track the most private areas of their lives: their personal health. Let’s face it, we have grown so accustomed to technology that we rely on our smart phones to wake us up every morning, send us reminders to take medication, establish our baseline heart rate, and even warn us when that rate becomes abnormal.

With this, it comes as little surprise that millions of women utilize “femtech,” or female technology, to track patterns in their reproductive health such as menstruation and fertility. Among the most frequently downloaded apps within the industry are Flo, ringing in at 43 million active users, and Clue with 12 million monthly active users. While these apps are extremely popular amongst users, U.S. privacy laws do little to regulate the deeply intimate data shared on these apps. Not only is this data incredibly personal, it is extremely revealing. Cycle and fertility tracking apps are so in touch with their users, that they can predict when a user’s cycle begins and ends down to the very day, and when a user may be pregnant. Moreover, these apps can accurately predict when a user has the best chance of conceiving a child.

Accordingly, the Supreme Court’s holding in Dobbs v. Jackson Women’s Health Organization, 142 S.Ct. 2228 (2022) allowed several states to ban abortion and enforce criminal penalties against any individual who aids in or receives an abortion by removing federal protections for the procedure. The implications sparked a wave of concern amongst femtech users and privacy experts. Particularly, users questioned whether this data could be subpoenaed or sold to third parties. More concerningly was if the information could be used against femtech users who have received, or are even considering, an abortion. Once shared on a digital platform, users exercise little control over their own data. Moreover, most health apps retain no accountability over this intimate information because they are exempt from the same standard as medical providers who are legally bound by the Health Insurance Portability and Accountability Act (HIPAA). Thus, the apps are free to use health data as they please.

This concern is heightened by the fact that apps commonly supply data to law enforcement during criminal prosecutions. Although an app’s cooperation with law enforcement typically arises in child exploitative imagery cases, the recent criminalization of abortion has changed the trajectory of investigations. In fact, a Nebraska case revealed that authorities obtained Facebook chat messages between a mother and her 17-year-old daughter to charge the two with carrying out a criminal abortion.

Thus, this wide-spread fear among users and experts is justified. In 2021, the Federal Trade Commission reached a settlement with Flo after it misled users about the security of their personal data. The suit arose after an investigation revealed that the app sold users’ health data to Facebook. Thus, experts urge women who reside in states where abortion is criminalized to delete their apps immediately and revert to using a paper calendar to track their cycles.

Moving forward, it will become increasingly important that users become more cognizant of the data they voluntarily share with cycle and fertility tracking apps. Moreover, there are several safeguards that should be implemented to provide stronger protections for users. Most simply, users can store their data locally. If data remains on a local device—such as a tablet, cell phone, or computer—the data cannot easily be sold to a third-party. In a similar realm, increasing the use of pseudonymous accounts is advantageous in the event of a security breach. This would eliminate a user’s legal name, email address, and phone number from their account; thus, making it far more difficult for a third-party to tie the information back to the user.

At a macro level, eliminating an app’s ability to track a user’s location could provide additional safeguards. Right now, if a user were to undergo an abortion at a clinic, technological tools such as geofence would allow law enforcement to obtain a search warrant to access records on a user’s geographic location. Law enforcement utilize these warrants by specifying a location and time period in which a particular crime occurred. Companies are legally compelled to turn over the information stored in their databases, indicating where users were located within a specified time period. As a practical matter, there is no reason for a cycle tracking app to have a user’s location; eradicating this function could give users a stronger sense of security without impacting the functionality of the app.

Until the U.S. government strengthens its data privacy laws with respect to third-party tracking, users retain no control over the saleability of their personal data. Consequently, women who reside in abortion-banned states should be careful to entrust such sensitive information in the hands of femtech. When in doubt, women should delete their femtech apps and resort to cycle tracking with a paper calendar. Women have been menstruating for as long as humans have existed, and they did so without the help of Flo and Clue—and so can you.