FTC says fertility tracking app Premom shared sensitive health data with third parties
The Federal Trade Commission accused the developer of a free fertility app of sharing sensitive personal information and health data on its users with China-based firms and other third parties without obtaining permission.
Illinois-based Easy Healthcare Corporation, which operates the popular Premom app, violated promises to users by improperly disclosing health information, such as pregnancy status, to Google and AppsFlyer for marketing purposes, the FTC said. They also shared precise geolocation data and other information with two Chinese advertising firms and failed to adequately encrypt the data, subjecting it “to potential interception or seizure.”
The FTC said the company’s actions violated the Health Breach Notification Rule, or HBNR, and proposed that the company be barred from sharing users’ personal health data with third parties for advertising purposes. Under the proposed order, filed by the Department of Justice on behalf of the FTC, the company would be required to obtain users’ consent before sharing health data for any other purpose, and must tell consumers how their personal data will be used.
Easy Healthcare will also be required to pay a $100,000 civil penalty for violating HBNR, as well as an additional $100,000 each to Connecticut, the District of Columbia and Oregon for violating their respective laws.
The proposed order must first be approved by federal court before it goes into effect.
The complaint marks the FTC’s second enforcement action involving HBNR, following a proposed order in February against telehealth and prescription drug discount provider GoodRx. The company agreed to pay a $1.5 million fine for failing to let its customers know that it shared sensitive user data with advertising companies and platforms including Facebook and Google.
The complaint also comes as lawmakers and regulators take steps to protect reproductive health information following the Supreme Court’s Dobbs v. Jackson decision last spring.
Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.