WMC News & Features

Digital privacy is a feminist issue

Wmc Features Privacy Keyboard Key 101619

Recently, the digital rights organization Privacy International decided to take a closer look at the apps women trust with their most personal data: menstruation apps.

These apps are predominantly used by women to track their menstrual and ovulation cycles, but they can also provide information on other issues like birth control and mental health.

The findings of Privacy International’s investigation show the extent to which developers and third parties such as Facebook will violate a user’s privacy to make a profit.

They also highlight how women, already one of the most vulnerable demographics online, face heightened threats to identity, safety, and privacy that often go unrecognized.

Making your private data public

In its investigation into some of the most popular menstruation tracker apps worldwide, Privacy International found that many apps share user data with Facebook and other third parties. This transfer of information takes place through Facebook’s software developer kit (SDK), which many developers use to create apps. 

These menstruation apps have millions of downloads yet have escaped much scrutiny from the public and data regulators. 

One of the apps is Maya, by Plackal Tech, which has over 5 million downloads on Google Play.

Maya gives users the option to input “symptoms” they have during their cycle, such as acne or high blood pressure. It also asks users to submit their mood, the dates of their cycle, and information on their sex life. The investigation found that all of this information, along with every action a user made on the app, was passed to Facebook and the customer retention platform Clever Tap.

All of this data is highly valuable to Facebook and other third parties, who can use it to target users with highly personalized ads that take advantage of their mood or personal preferences. For instance, if a user has told their app that they’re feeling unhappy, they could be targeted with ads for clothes or diet supplements that play on their insecurities.

While Maya app users consented to developers using their data, most were likely unaware that their personal information was being used against them in this way. It is therefore questionable whether their consent can be seen as legitimate, as it was given without awareness of how others may use their data.

This is especially the case in the EU, where under the General Data Protection Regulation (GDPR), special category data, including all health and sexual data, requires explicit consent to be collected and used by third parties. This consent can be given only if there is complete transparency on how a user’s data will be processed.

Though Plackal Tech is based in India, the data of its EU users must still be processed in compliance with the GDPR. Given the issues surrounding consent, transparency, and excessive data collection with this app, it seems highly likely that Maya was not GDPR compliant at the time of the investigation. 

After being contacted by Privacy International, Plackal Tech reported that it had “removed both the Facebook core and Analytics SDK from Maya,” meaning personal and medical data is no longer passed to Facebook from the app.

However, the findings of this investigation raise huge concerns for how apps are handling our private information, and where it can end up once we’ve entrusted them with it.

The gender gap in digital privacy

The collection and passing of user data by these apps highlights how easy it is for companies to access our most intimate, personal information and use it for monetary gain, all while keeping users in the dark.

These findings gain extra significance when set in the context of digital privacy’s noticeable “gender gap.” While women have greater concerns than men about digital privacy, research has found that they also have less awareness of the potential threats posed by technology, data, and interface design. 

This isn’t so surprising, given that the technology sector is still geared toward, made up of, and controlled by men. Only 23% of those working at Facebook, Apple, and Google are women, while decision-making processes in technology and digital policy are still dominated by men. Additionally, work in tech companies is highly sex segregated, with men dominating engineering of products and women heavily represented in legal, trust, and safety and customer care roles.

Given that women disproportionately face fetishization, harassment, and threats of violence online, this lack of representation in the technology sector and relevant decision-making processes is significant. It is only by involving women in policy discussions that sexism can be tackled online.

Both marginalization and sex segregation in the industry reduce the input women have on the design of technology and the policies that affect our online lives, meaning risks encountered primarily by women are often left unconsidered. The dearth of women with a career in technology also perpetuates the stereotype of tech as a men’s subject, leading to female disengagement. 

This disengagement, furthered by the pressures of external bias from peers, friends, and family, creates a vicious cycle whereby women become less digitally literate and aware of the risks they encounter online. This impairs women’s ability to take adequate measures or demand that companies improve their products.

Take VPN usage, for example. VPNs are a key tool for improving privacy and security online, as they encrypt a user’s data, making it unreadable to their ISP and anyone spying on their network. In 2018, Global Web Index reported that only 32% of VPN users were women.

Forbes also reported in 2016 that, while women are more likely to make changes in behavior to protect their privacy, men are more likely to use encrypted email (10% vs. 7%), password managers (20% vs. 17%), privacy-enhancing browsers (18% vs. 13%), and two-factor authentication (15% vs. 12%).

These statistics show that women are less likely to use tools to safeguard their data, leaving them more at risk than men when going online.

Digital privacy is a feminist issue. It’s important that women become more aware of the tools they can use to protect their data, but also critical that they be involved in design and decision making.

What can women do to protect themselves online?

Thankfully, there are steps we can take to protect ourselves.

If you benefit from using a menstruation app, switch to one that handles data appropriately, such as Clue. When it comes to other apps, it’s worth investigating their privacy policy to see what data they may be logging and who they may be passing it to.

Investing in privacy tools such as a reliable VPN will also protect your data from anyone spying on your network, and will provide extra security when connecting to a public WiFi network.

To prevent being taken advantage of by personalized ads, download a browser extension that blocks ad trackers, such as Privacy Badger.

The Women’s Media Center Speech Project provides resources for those experiencing harassment online as well as links to organizations advocating for greater transparency, accountability, and equality in digital spaces.

What can women do to demand better products and solutions?

Under the GDPR, women in the EU can lodge a complaint against a company they believe to be mishandling their data and can request that collection of their data be restricted.

Women internationally can make direct complaints to a business if they believe their data is being mishandled and can take a stand by switching to a product that respects user privacy. 

There are also a number of digital rights organizations you can support, such as Privacy International, Open Rights Group, and the Electronic Frontier Foundation. These groups are making efforts to hold companies accountable for their inadequate data handling practices; Privacy International’s investigation is one example of these efforts.

The GDPR has also had an impact on businesses’ data practices in the EU, with the enforcement agency handing out harsh fines to companies seen to be noncompliant.

Despite these efforts, many companies are still getting away with violating their users’ privacy. Until they take responsibility and make appropriate changes to their practices, women must remain cautious and take extra measures to protect their data. 



More articles by Category:
More articles by Tag: Internet policy, Activism and advocacy
SHARE

[SHARE]

Article.DirectLink

Contributor
Sign up for our Newsletter

Learn more about topics like these by signing up for Women’s Media Center’s newsletter.