Privacy & Cybersecurity Law Blog

On May 17, 2023, the Federal Trade Commission issued a consumer alert regarding the Premom Ovulation Tracker app (“Premom”) sharing sensitive information with third parties without users’ permission. According to the alert, Premom is a free app that is marketed as an accurate fertility calendar, which can be used to assist users who are trying to become pregnant.

Premom allows users to log their periods and upload information, such as ovulation test strips. Users are also able to import health data from other devices or apps, such as importing recorded temperatures from Bluetooth thermometers. This information can then be analyzed by Premom to predict the next ovulation cycle to assist users in becoming pregnant. Easy Healthcare is the company behind Premom.

According to the FTC, Easy Healthcare violated the Health Breach Notification Rule when it shared users’ personally identifiable health information with other companies without telling users. These companies include marketing and analytics companies, which collect information from users by integrating their SDKs onto the Premom app, which then track users’ interactions with the app and other identifiable information. The FTC has announced that Easy Healthcare has agreed to settle the FTC’s charges and has agreed to limit how the company shares users’ information and also tell users how their personal information will be used.

This is the FTC’s second enforcement action involving the Health Breach Notification Rule this year. In February, the FTC announced a settlement with telehealth and prescription drug discount provider GoodRx Holdings Inc. for failure to notify users about the company’s unauthorized disclosure of their personally identifiable health information to Facebook, Google and others.