What a time to be alive! Gone are the days of painstakingly tracking your period or, for breastfeeding mothers, manually monitoring pump volumes. We are now entering a world where even IVF processes can be tracked via Blockchain. The digitisation of intimate health data has been a welcome development in the 21st century, geared towards improving the way we understand our bodies’ tendencies in a more cost-effective and accessible manner. ‘Femtech’ refers to technology-enabled products and apps aimed at improving the various facets of women’s health, such as maternal health, menstrual health, fertility, menopause, contraception, etc. It is seen as empowering women to make informed choices. Indeed, femtech is a promising sphere, showing no signs of slowing down, with Deloitte projecting the femtech market value of spilling over $100 million by 2032.

In the UK, data collected by apps is regulated under the Data Protection Act 2018, which ‘incorporates’ the General Data Protection Regulation (GDPR) into UK law, known as UK GDPR post-Brexit. The UK GDPR outlines the requirements for processing personal data lawfully, transparently, and fairly, with stricter guidelines for 'special category data' such as health, biometric, and sexual orientation information. The regulation of medical devices falls under the Medical Devices Regulations 2002 (MDR). However, when it comes to femtech, alarming gaps remain in the current regulatory framework, leaving the sensitive health data collected by femtech apps inadequately protected.

But why is there such a hunger for our data in the first place, and why are femtech companies so keen on collecting and processing this data, especially given its sensitive nature? Before delving further into this, it is important to draw a distinction between 2 of the primary reasons for collecting data: data collected for research and data collected for third party advertising or other purposes (profit) . The former is conjoined with the broader purpose of bridging the gap in research that has long underserved individuals from under-represented ethnic groups and socioeconomically disadvantaged backgrounds and is part of a larger mission to part ways with the historically stigmatised and biased take on bodily health, underpinned by the glaring gender data gap in research wherein the biological male body was traditionally accepted as the default. 

Gathering a deep, representative data set is paramount to making femtech’s provisions as accessible, relevant, and accurate as possible to its diverse body of users. Irrefutable is the fact that a single normative standard simply cannot address the needs of users whose diverse genetic compositions necessitate contextualised, bespoke recommendations. In a panel hosted by Dr Lindsay Balfour from the Centre for Postdigital Culture on Femtech and Data Privacy, Danika Kelly, CEO of female-focused health tracking platform, ‘My Normative,’ stressed the importance of data sales in the context of equitably collecting contextualised data toward research and innovation in order to assist algorithms to ‘work more appropriately’ to better serve populations. She underlines the necessity to be mindful of unethical data usage by femtech apps. 

This introduces the issue of consent. Do we know exactly what it is that we are agreeing to? What happens when we hastily skim through drearily long data privacy notices to check that box? A substantial catalyst of the imbalance in information between end users and manufacturers of femtech apps is the pronounced information asymmetry between the two parties. There is doubt thrown at the veracity of the claims peddled by manufacturers to “induce customers to purchase products” where the MDR does not even “require a particular degree of evidence to be provided for ‘wellness apps’ such as period trackers.”  Furthermore, the narrow scope and ambiguity of the current regulatory framework under the MDR mean that only apps that “intend to be used for contraceptive measures” (i.e., ‘medical’ use)  fall within the remit of the regulations, allowing companies to evade liability by simply “labelling their apps as period trackers” or “marketing them as lifestyle apps” (non-’medical’) apps, even when “period tracking apps indicate a person’s fertile window.”  

In fact, research on the 20 most popular female health apps in the UK and US Google Play “found instances of covertly gathering sensitive user data, inconsistencies across privacy policies and privacy-related app features, as well as flawed data deletion mechanisms.” Further exacerbating the imbalance in knowledge on the part of the user is the dubious hue that registering these apps on the Play Store carries. According to research, only 1 out of the 10 femtech apps tested was registered under the ‘medical category’ on the app store. The current insufficient regulatory landscape allows for such instances to slip through, as there is no specific data protection regulation targeting the collection and processing of ‘femtech data.’

During the same panel, Dr Simon Leigh, Director of Research, Organisation for the Review of Care and Health Apps (ORCHA), cautioned against blindly downloading apps and urged individuals to rely on their “value judgements” to critically assess the reasons behind the app's requests for information. What is the legitimate interest? Is this information necessary for the “crucial functioning” of the apps or the recommendations it provides its users? According to Dr Leigh, only 5 out of 25 of the period tracking apps that ORCHA reviewed met the criteria to be suitably recommended to the NHS. Moreover, out of 85% of the apps that were involved in third-party distribution of sensitive health data, 50% did so for the purposes of marketing and the other 50% did so for ‘improving developer services.’ Astonishingly, as Dr Leigh accentuates, the main reasons for data brokerage seem “not to be patient-centric” or to improve user experience but rather to serve the more capitalistic purpose of marketing! ORCHA’s 2022 review also revealed that consent to data sharing is often inconspicuously embedded (“bundled”) within the app's overarching terms of use. This practice is emblematic of a broader issue of unethical data handling, which often manifests in the form of personalised advertisements or content and can even be used to identify users as “belonging to particular groups.” Such data mishandling is particularly alarming to individuals in jurisdictions with strict abortion laws, such as the United States, where data leakage is perceived as a “form of surveillance” aimed at “policing the reproductive functions” of persons with wombs -a disheartening reality to grapple with in a post-Roe world.

Amongst the host of problems that feminist literature explores in the field of femtech, there rings a cry for more ethical data usage- a call for femtech companies to adopt clearer, more direct privacy policies that empower users to understand their data rights, alongside a call for regulatory bodies to grant greater visibility to femtech companies, as warranted by the sensitive health data they handle. Currently, the burden is borne by the user to shield their fundamental right to privacy. However, when it comes to sensitive health data, there is an urgent need to shift this responsibility onto regulatory bodies to patch the femtech-shaped hole in frameworks and enforce stricter scrutiny on the regulatory landscape that femtech companies operate in.

Nischita Srinivasan

*image courtesy of Mewburn Ellis

Catriona McMillan and Ruby Reed-Berendt, ‘Rethinking the regulation of digital contraception Empowerment, responsibility and risk’ (The University of Edinburgh, 28 November 2024)

McKinsey & Company, ‘The dawn of the FemTech revolution’ (14 February 2022) <https://www.mckinsey.com/industries/healthcare/our-insights/the-dawn-of-the-femtech-revolution

C McMillan, ‘Monitoring female fertility through ‘Femtech’: the need for a whole-system Approach to Regulation’ (2022) 30(3) Medical Law Review Sorina Mihaila, ‘Experts Call for ‘Robust’ Data Protection Standards after Damning Report.’(5 June 2024) <https://www.femtechworld.co.uk/news/experts-call-for-robust-data-protection-standards-after-damning-report/> accessed 1 December 2024.

M Mehrnezhad, T Van Der Merwe, and M Catt, ‘Mind the FemTech gap: regulatory failings and exploitative systems’ (2024) 3 Frontiers in the Internet of Things 1296599

Centre for Postdigital Cultures, ‘FemTech and Data Privacy’ (Video on Centre for Postdigital Cultures Youtube channel, 2 August 2022) <https://youtu.be/3uNUKKDhJ9o?si=UqDbnV5jwkKLW7Tl >

Anna Blest, ‘What Is FemTech and How Can It Meet the Privacy Needs of Its Users?’ (8 March 2024) <https://www.bclplaw.com/en-US/events-insights-news/what-is-femtech-and-how-can-it-meet-the-privacy-needs-of-its-users.html