Insights

Fertility App Premom Faces FTC and State AG AdTech Enforcement

In its third Adtech enforcement action this year, the FTC turned its attention to Premom Ovulation Tracker (“Premom”) a free ovulation tracking mobile application (“app”) owned by Easy Healthcare Corporation. Among other things, the FTC’s order:

  1. permanently bars Premom from sharing health data with third parties for advertising purposes;
  2. requires the app to obtain user consent before sharing health data for any other purpose;
  3. requires Premom to relay more detailed and accurate information to consumers about how their data will be used, and;
  4. requires the app to coordinate deletion of the data that was shared with third parties.

To resolve a broader array of claims brought by the FTC, the Connecticut, Oregon and DC state attorneys general and private class action litigants, Premom will be paying a total of $950,000 in civil penalties, costs, and damages. 

At its core, the Premom app is used to help track users’ ovulation, menstrual periods, and other related health data based on information generated by the user, as well as information obtained via third party application integrations such as Apple Health data. Users can also upload pictures of ovulation test strips, which can assist the app in predicting a user’s next ovulation cycle.

According to the various complaints, between 2017-2020, Premom’s privacy policies falsely and deceptively stated that Premom would not share health information with third parties without users’ knowledge or consent, and that any information collected and shared would be de-identified and only used for Premom’s own analytics or advertising. In reality, Premom provided  unencrypted user data – with no restrictions – to  Google, to a marketing firm called AppsFlyer Inc. and to  foreign mobile analytics companies Jiguang and Omeng. The FTC further claimed that Premom’s app included tracking tools that could link to the app  a user’s social media account information and precise geolocation information . This was of particular concern given that the information contains highly sensitive data regarding users’ sexual and reproductive health and pregnancy status.

The FTC found that Premom’s failure to implement reasonable data privacy and security measures, and its alleged false and deceptive representations in its privacy policy constituted a breach of Section 5 of the FTC Act. The FTC also found that sharing data of this type without user consent amounted to a breach of unsecured health information in violation of its Health Breach Notification Rule.

Printable version.