Tag: consent

Fertility app Premom shared users’ health data without consent, FTC says

Fertility-tracking app Premom, owned by Easy Healthcare, came under fire by the Federal Trade Commission, which alleged the company shared consumers’ health data with third parties like Google, AppsFlyer and two China-based analytics and marketing firms for advertising purposes without user consent.

Premom is a free app that offers fertility tracking tools, including period and ovulation tracking. The company also sells ovulation test kits. 

The FTC’s investigation found the company shared users’ personal health information with third parties, such as identifiable location, health information and activities on the app related to users’ fertility, periods and pregnancy.

According to the Commission, the company did not disclose to users that it would share their health information while deceiving users about its data-sharing practices. The FTC also claims the company violated the Health Breach Notification Rule, which requires companies gathering personal health information to notify users and the government of a data breach by failing to inform users of its practices.  

Premom was instructed to refrain from sharing health information with third parties for advertising purposes or other purposes without users’ consent, to put into place a comprehensive privacy and security program for protecting users’ info and to tell the third parties to delete the information collected without users’ permission.

Easy Healthcare was ordered to pay a $200,000 settlement fee and is barred from sharing users’ data for advertising purposes, or with third parties, without user consent.

“Premom broke its promises and compromised consumers’ privacy,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement. “We will vigorously enforce the Health Breach Notification Rule to defend consumer’s health data from exploitation. Companies collecting this information should be aware that the FTC will not tolerate health privacy abuses.”

THE LARGER TREND 

After Roe v. Wade was overturned,

Whistleblowers allege U of T data project collected 600K patient records without consent

Ontario’s privacy commissioner is investigating a sweeping data project at the University of Toronto that is alleged to have collected over 600,000 electronic medical records without patient consent or knowledge.

Filed last summer by a group of concerned doctors in the GTA, a privacy complaint alleges the University of Toronto Practice-Based Research Network, a decade-old project known by the futuristic acronym UTOPIAN, has collected full electronic medical records (EMRs) from over 1,400 family physicians as part of a “massive data grab.”

Researchers with UTOPIAN asked family doctors to submit entire patient charts under the “guise” of a research study, according to the complaint. The project has collected well over 613,000 EMRs.

Data extracted from the medical records is de-identified, meaning that information is stripped of some “direct identifiers” like names and addresses. It is subsequently transferred to the secure UTOPIAN Data Safe Haven server.

Story continues below advertisement

Access to that giant database is then sold or shared with researchers and other “third parties,” according to a copy of the complaint obtained by Global News.

The data is shared with the Canadian Primary Care Sentinel Surveillance Network (CPCSSN), Institute for Clinical Evaluative Sciences (ICES), Diabetes Canada and “other prescribed entities,” according to UTOPIAN’s website. Global News asked for further details on how this patient data is shared but didn’t receive an answer.


Click to play video: 'Increasing concern about cyberattacks in Canada'


Increasing concern about cyberattacks in Canada


The University of Toronto pushed back against the allegations, saying at no time is the data “sold.” According to their website, all projects UTOPIAN supports are approved by a research ethics board.

The concerned doctors say the U of T project has broken Ontario’s privacy laws and violated patient trust. They also insist there is little transparency about how confidential patient information is being handled or shared.

Story continues below

Back To Top