Consumers are increasingly concerned about the vast amounts of data that apps track, store and share, giving people a false sense of privacy.
Given the Supreme Court’s ruling overturning Roe v. Wade, people who use period or ovulation trackers, health care, fitness or even mapping apps to track their personal information or location will be wary and concerned.
The number of apps that track a person’s health, such as fertility and menstrual cycle data and location, has grown exponentially over the past few years.
U.S. consumers have limited privacy rights, Karim Hijazi, CEO of Houston-based cyber intelligence firm Prevailion, told TheStreet.
“American consumers don’t have as much data privacy or protection, especially compared to European consumers,” he said. “For apps, there are few safeguards for how your information is collected or used.”
Companies that collect personal medical information “may” be required to comply with the privacy protections of the Health Insurance Portability and Accountability Act (HIPAA).
A major problem is that not all health information is considered private.
“May not include apps focused on health or fitness,” Hijazi said.
Deleting the app is not a solution
Simply deleting the app from the smartphone will not wipe out the data.
Most U.S. consumers don’t have a “right to erasure,” except in states that have passed laws such as the California Consumer Privacy Act, the Colorado Privacy Act, and the Virginia Consumer Data Protection Act, so residents can petition companies to delete their data, Hijazi said.
“However, for most Americans, once you agree to the terms of service, there is little recourse for collecting your personal information,” he said.
Scott Gerlach, chief security officer at Denver-based API security testing provider StackHawk, told TheStreet that consumers need to be aware that deleting the app doesn’t delete the data the company collects.
Some companies are able to digitally delete users’ data on request due to regulations such as GDPR (EU data protection law implemented in 2018), but the US does not have its own version.
The concern, he said, was that there was no uniform approach to how customers could ask for their data to be deleted. Some companies require a written request, and some have a separate portal on their website.
“If someone tries to delete data across multiple apps or services, it’s up to the user to decide how to commit, and the complexity increases,” Gerlach said.
When it comes to their digital breadcrumbs, consumers are “almost” on their own, Jason Glassberg, co-founder of Redmond, Washington-based ethical hacking firm Casaba Security, told TheStreet. Many companies may deny consumers’ requests to delete their data.
“I doubt any of them will,” he said. “They may also claim that they can’t delete the data because they don’t store the data themselves, which is partially true for many of these companies. They may use a third-party service or partner with other providers to actually process the consumer’s data.”
Another major issue is that once data is collected, it is often shared with multiple other parties, which may in turn share it with several other parties.
“The personal data business is a complex and fuzzy ecosystem, with many different animals drinking from the same trough,” Glassberg said.
Period tracking app Flo says consumers can deactivate their accounts and delete their personal data by emailing [email protected]
“If you choose to deactivate your account, Flo generally deletes all your personal data, which cannot be recovered if you create another account in the future,” the company said.
A growing number of companies, such as Flo, are also offering people the ability to use “anonymous mode,” which doesn’t require any personally identifiable information, such as names, email addresses, and technical identifiers associated with accounts.
“Any data we collect is fully encrypted and that never changes,” said Susanne Schumacher, Flo’s data protection officer.
The feature is available for iOS and Android devices, Flo said on June 30.
“While the incognito mode feature is already in the works, development has accelerated with the U.S. Supreme Court ruling overturning the landmark Roe v. Wade case,” the company said. “Some users have questions about how third parties can access from digital services. User health data expresses concern.”
With this mode enabled, companies will not be able to provide names or emails to any group seeking identifying information.
“…Anonymous mode will prevent Flo from connecting data to individuals, which means Flo will not be able to fulfill requests,” Flo said.
Before using the app
Most apps require consumers to accept various “permission requests” to use them, such as enabling geolocation access, Hijazi said.
“There’s an old saying, if the service is free, you’re the product,” he said. “In terms of apps, however, this applies to basically any app – even paid apps will still collect and monetize your personal information.”
Glassberg said HIPAA is not “an ironclad protection for your personal health information, and is primarily limited to protected medical information from healthcare providers and the attendant personally identifiable information (PII)”.
Apps that track your menstrual cycle or your physical condition can be problematic for people who live in states where abortion, or helping someone obtain one, is not legal.
“If you’re using an app that tracks your menstrual cycle or records your physical location when you stop at a family planning facility or any doctor’s office, then that’s not privileged or protected information,” he said.
Data can be handed over to law enforcement
Companies will have to comply with law enforcement subpoenas, even if some of them may choose to challenge them, Glassberg said.
“Ultimately, if a subpoena is legally valid, everyone has to comply,” he said.
If companies are investigating cases, they “may be forced” to hand over user data through law enforcement, Gerlach said.
“The end user may or may not know about it until a lawsuit is brought against them,” he said.