Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: AG announces settlement of $100,000 over data sharing and privacy practices of Premom

On May 17, 2023, the Attorney General (AG) of Connecticut, William Tong, announced a $100,000 settlement with Easy Healthcare Corporation, the operator of Premom, an ovulation tracking app, following concerns over the app's data sharing and privacy practices. Notably, Connecticut, Oregon, and the District of Columbia were the states involved in the settlement. Connecticut will receive $33,333 from the settlement, which was negotiated and finalized in coordination with the Federal Trade Commission.

Background to the case

The settlement follows concerns raised by the International Digital Accountability Council (IDAC) in August 2020, which found that the Premom app shared sensitive user data with third parties without appropriate disclosures or user consent.

Findings of the AG

In particular, the AG noted that an investigation conducted by the states substantiated these concerns and identified additional privacy and data security issues. As part of the settlement, the AG highlighted that Easy Healthcare agreed to implement and maintain comprehensive privacy and information security programs. The requirements include:

  • collecting personal information only for legitimate purposes and providing enhanced disclosures on information collection practices;
  • refraining from sharing health or location information with third parties without user consent, and from sharing health information for third-party targeted advertising;
  • providing a method by which consumers can request the deletion of their personal information;
  • conducting due diligence before retaining third parties and taking steps to monitor their information collection;
  • performing a privacy risk assessment that specifically considers the risks that women face, or could face, owing to privacy or security lapses related to the Premom app; and
  • undergoing independent assessments of its privacy and data security practices.

Moreover, the AG emphasized that the Supreme Court's ruling in Dobbs v. Jackson Women's Health Organization was discussed during the settlement, noting the significance of privacy in reproductive healthcare. The AG outlined that although ovulation tracking apps like Premom are not typically subject to the Health Insurance Portability and Accountability Act (HIPAA) regulations, they serve as crucial tools for women to monitor their ovulation cycles and reproductive health. Given the intimate health data that these apps collect and the information it provides regarding pregnancy, the AG noted that it is critical that user information is kept safe and private.

You can read the press release here.