Attorney General Tong Announces Settlement Over "Premom" Ovulation Tracking App's Data Sharing & Privacy Practices(Hartford, CT) – Attorney General William Tong announced today that Connecticut, Oregon, and the District of Columbia have obtained a $100,000 settlement with Easy Healthcare Corporation (“Easy Healthcare”) over data sharing and privacy practices associated with the company’s “Premom” ovulation tracking app. Connecticut will receive $33,333 from the settlement, which was negotiated and finalized in coordination with the Federal Trade Commission.
Easy Healthcare is an online provider of home healthcare products such as thermometers and pregnancy tests. In August 2020, the International Digital Accountability Council (“IDAC”) raised concerns that the company’s “Premom” app—an ovulation tracker, menstrual calendar, and fertility tool—shared sensitive user data with third parties through software development kits (“SDKs”) integrated within the app. In particular, IDAC observed that Premom shared user location data and device identifiers with two China-based companies flagged for suspect privacy practices without making appropriate disclosures or securing user consent. Easy Healthcare ceased use of the problematic SDKs shortly thereafter.
The states initiated an investigation that ultimately corroborated IDAC’s concerns, among other privacy and data security findings. As a result, Easy Healthcare has agreed to implement and maintain comprehensive privacy and information security programs, including specific requirements that the company:
• Collect personal information only for specified, legitimate necessary purpose(s) and refrain from using such information in any manner incompatible with those purpose(s);
• Make enhanced disclosures regarding its information collection practices;
• Refrain from sharing health or location information with third parties without user consent, and from sharing health information for third-party targeted advertising;
• Provide a method by which consumers can request deletion of their personal information;
• Conduct due diligence before retaining third parties and take steps to monitor their information collection;
• Perform a privacy risk assessment which specifically considers the risks that women face, or could face, due to privacy or security lapses related to the Premom app; and
• Undergo independent assessments of its privacy and data security practices.
“Given the intimate health data that apps like Premom collect and what that may reveal about when a pregnancy starts or stops, it is critical that user information is kept safe and private,” said Attorney General Tong. “Our settlement forces Easy Healthcare to adopt strict privacy requirements to ensure that its users’ information is appropriately protected.”
During settlement discussions, the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization placed the importance of reproductive health care privacy into exacting focus. While ovulation tracking apps like Premom are typically not subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), many women rely on them to stay informed about their ovulation cycles and reproductive health—with surveys suggesting that nearly one-third of women in the U.S. use some kind of fertility tracking app. Given the intimate health data that these apps collect and what that may reveal about when a pregnancy starts or stops, it is critical that user information is kept safe and private.
Assistant Attorney General Aine DeMeo and Deputy Associate Attorney General Michele Lucan, Chief of the Privacy Section, assisted the Attorney General with this matter.