AG Schwalb Protects Private Data of Consumers Using Ovulation Tracking App "Premom"

Ovulation Tracking App Shared Sensitive Data – Including Location and Device Identifiers – Without Consent

WASHINGTON, DC — Attorney General Brian L. Schwalb today announced that Easy Healthcare Corporation (“Easy Healthcare”) will make significant changes to its ovulation tracking app “Premom” to ensure that users’ sensitive data is not shared with third parties without notice or consent. The Office of the Attorney General (OAG) negotiated and finalized the settlement in coordination with the Federal Trade Commission (FTC) and the Attorneys General of Oregon and Connecticut.

“District residents who used the Premom app were entitled to have their locations and devices kept confidential, but Easy Healthcare shared that private information with third parties without notice or consent, putting users at risk,” said AG Schwalb. “Now more than ever, with reproductive rights under attack across the country, it is essential that the privacy of healthcare decisions is vigorously protected. My office will continue to make sure companies protect consumers’ personal information to protect against unlawful encroachment on access to effective reproductive healthcare.”

Easy Healthcare is an online provider of home healthcare products such as thermometers and pregnancy tests. In August 2020, the International Digital Accountability Council (“IDAC”) raised concerns that the company’s “Premom” app—an ovulation tracker, menstrual calendar, and fertility tool—shared sensitive user data with third parties through software development kits (“SDKs”) integrated within the app. In particular, IDAC observed that Premom shared user location data and device identifiers with two China-based companies flagged for suspect privacy practices without making appropriate disclosures or securing user consent. Easy Healthcare ceased use of the problematic SDKs shortly thereafter.

The District of Columbia, in coordination with the FTC, Oregon, and Connecticut initiated an investigation that ultimately corroborated IDAC’s concerns, among other privacy and data security findings. As a result, Easy Healthcare has agreed to implement and maintain comprehensive privacy and information security programs.

As a result of the Office of the Attorney General’s (OAG) action, Easy Healthcare must:

  • Collect personal information only for specified, legitimate necessary purpose(s) and refrain from using such information in any manner incompatible with those purpose(s);
     
  • Make enhanced disclosures regarding its information collection practices;
     
  • Refrain from sharing health or location information with third-parties without user consent, and from sharing health information for third-party targeted advertising;
     
  • Provide a method by which consumers can request deletion of their personal information;
     
  • Conduct due diligence before retaining third parties and take steps to monitor their information collection;
     
  • Perform a privacy risk assessment which specifically considers the risks that people face, or could face, due to privacy or security lapses related to the Premom app; and
     
  • Undergo independent assessments of its privacy and data security practices; and
     
  • Pay a $33,333 penalty to the District.

The Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization placed the importance of reproductive health care privacy into exacting focus. While ovulation tracking apps like Premom are typically not subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), many people rely on them to stay informed about their ovulation cycles and reproductive health—with surveys suggesting that nearly one-third of women in the U.S. use some kind of fertility tracking app. Given the intimate health data that these apps collect and what that may reveal about when a pregnancy starts or stops, it is critical that user information is kept safe and private.

Read the full settlement here.

This matter was handled by Assistant Attorney General Lindsay Marks and Deputy Director of the Office of Consumer Protection, Jennifer Rimm.

OAG’s Fight for Reproductive Rights
OAG has a long record of advocating for reproductive rights and justice. Since 2018, OAG has engaged more than 50 times in court cases and rulemaking processes on reproductive rights, including participating in amicus briefs, joining multi-state lawsuits and multi-state comment letters, and working to educate DC residents about their rights to abortion care. In April 2023, AG Schwalb joined 23 Attorneys General in fighting back against efforts to block access to the medication abortion drug mifepristone. Earlier this year, AG Schwalb also joined a coalition including 17 other attorneys general that filed a multistate lawsuit to expand access to medication abortion, leading to a recent ruling that preserves access to mifepristone in those states and the District.

Additionally, DC and 23 states filed an amicus brief in Dobbs v. Jackson Women’s Health Organization before the U.S. Supreme Court, arguing against Mississippi’s abortion ban and calling on the court to uphold its precedent protecting people’s right to decide before viability whether to carry a pregnancy to term.