Skip to Main Content

CIST Student Sandbox

IST 560: [Cybersecurity group]

This is a resource guide to federal information policy created by students in IST 560: Information & Public Policy, Spring 2024

Statistics

  • As of 2023 there are more than 97,000 health and fitness apps on the market. 
  • In 2022, Alfawzan and colleagues reviewed the privacy practices of 23 popular women's health apps on the App Store and Google Play. The researchers found that the vast majority (87%) disclose this data to entities other than the consumer. Additionally, more than half of the apps allow location tracking.
  • Research has shown that 28% of mobile health apps do not display a privacy policy. The percentage is slightly higher for period-tracking apps (30%). (Cao et al., 2024)
  • Claims by companies that they have made data "anonymous" should be taken with a grain of salt. Per the FTC, one study found that researchers were able to re-identify individuals based on "four location points with timestamps" in 95% of 1.5 million individuals in the study dataset (Location, Health, and Other Sensitive Information, 2022). De-identifying information is possible -- and the U.S. Department of Health and Human Services has provided guidance around anonymization methods (Office for Civil Rights, 2012) -- but many companies do not have processes that are sufficient to substantiate their own privacy claims.

Examples

In 2015, a digital advertising company used 'geofencing' to send ads to people who visited various reproductive health care clinics in cities such as New York City, Columbus, and Pittsburgh. Geofencing is a common marketing tactic in which mobile devices that enter certain locations of interest are digitally tagged. Advertising companies can then use that location data to send targeted ads and/or, potentially, sell that data to other entities. The Massachusetts Attorney General, concerned about consumer protection, prohibited this practice around Massachusetts centers for reproductive health. (Office of Attorney General Maura Healey, 2017)

In 2020, the Federal Trade Commission issued a complaint against Flo Health, Inc. Per the complaint, over 100 million consumers had downloaded Flo Health's period-tracking app, which promised users that the business would only share data unrelated to "marked cycles, pregnancy symptoms, notes and other information that is entered by you and that you do not elect to share." Despite these privacy promises, the app shared information with Facebook, Google, and other third parties. (Federal Trade Commission, 2020)

References