Apps supporting women’s health have developed rapidly alongside increasing de-stigmatisation of female reproduction and wellbeing. The ubiquity of these apps has advanced the practice of intimate female health monitoring involving sensitive user data.
Last year the Information Commissioner’s Office looked at period and fertility apps to understand how they process personal data and identify whether there is a negative impact on users as a result.
While the ICO found no ‘serious compliance issues or evidence of harms’ in this review, the ICO used it as an opportunity to remind all app developers about the importance of ensuring they are meeting all their obligations to be transparent with their users and keep their data safe.
The ICO shared four practical tips to support app developers comply with their data protection obligations and maintain the privacy of their users.
Ensure your privacy information is right - it must be clear, concise and easily accessible.
Your consent must be explicit, unambiguous and involve a clear action to opt-in. It must also be easy for people to withdraw their consent at any time.
- Establish the correct lawful basis
Ensure you have the right lawful basis to process personal data whether its consent, legitimate interests or contract.
App developers must be accountable for the personal information they hold.
Since the ICO’s review, a new study from King’s College London and University College London found female health monitoring apps were exposing users to privacy and safety risks through poor data handling practices. The research uncovered several inconsistencies, as well as problematic privacy practices which saw data transmitted through complex chains of third parties.
It is vital that app developers in general and FemTech providers ensure that they address any privacy concerns to ensure they are on the right side of the Information Commissioner’s Office.
If you are an app developer and would like to know more about how your app can better meet your user’s expectations and comply with ICO’s expectations in relation to data transparency and UK data protection law, read our seven tips we have pulled together outlining some dos and don’ts.
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.