INTRODUCTION
Since times immemorial, women’s reproductive rights and allied healthcare have been deliberated upon behind closed doors. Even in the 21st century, these pressing issues have been largely stigmatised and have not received the recognition that they deserve. The scales were tilted in favour of women after the arrival of ‘Femtech’. Now, women can count upon such apps which provide them with a plethora of solutions including menstrual cycle tracking, pregnancy tracking and fertility solutions. Female technology commonly abbreviated as Femtech entails creation of hygiene products, reproductive health monitoring systems and other digital applications that empower a woman by keeping her abreast of her less talked about but significant, reproductive health. A report by Emergen Research estimated the global market size for Femtech to be around USD 60.01 billion by 2027. The rationale behind the tremendous popularity of this novel industry is its huge target audience which constitutes 50% of the global population.
ARE WOMEN, COMMODITIES MASQUERADING AS USERS FOR FEMTECH APPS?
The leading Femtech apps like Flo, My Calendar, Clue, Maya and Ovia enjoy millions of downloads on Google Playstore. Their remarkable success makes it all the more imperative to address the issues encircling them. Women share their extremely intimate and sensitive information with these apps including the duration of their menstrual cycle, mood swings, the last time the user had unprotected sexual intercourse and whether she is trying to get pregnant. The enormous faith and confidence reposed by a female upon these apps is quite conspicuous given that she is apprehensive about sharing such information even with the closest people in her life. It is understandable that these apps require particulars of the user for processing and delivering the accurate outcome without which they cannot function effectively. Nevertheless, the chink in the armour is that this data is being shared with third parties without the informed consent of the user. So, you never know where your information might end up! According to a significant report published by the Norwegian consumer council, an advocacy group revealed that multiple apps including Clue transmitted personal information of its users to at least 135 companies or data brokers. These entities consolidated sensitive data received from myriad sources to create digital profiles of the consumers that are further exploited for online targeted advertising. Its detrimental impact can be discerned where several women are spammed by online advertisements related to diapers after they start using a pregnancy app. ‘Menstrual/Intimate Surveillance’ can be observed as a phenomenon directly emanating from circulating personal data of female users. Every minute step taken on a Femtech app is watched, recorded and processed by hundreds of suspicious agencies for their dystopian ways. This manifests as being a downright intrusion and an encroachment over the right to privacy of a woman.
APERTURES IN REGULATORY STANDARDS AROUND THE WORLD
Even the law does not come to the rescue of these women who continue to be susceptible to data exploitation by these Femtech apps. With respect to data protection laws, European Union (EU) observes that 12 non-EU countries have an acceptable legal framework for data security.
USA has Health Insurance Portability and Accountability Act (HIPAA), 1996 which caters to patients’ privacy concerns by defining ‘Protected Health Information’ (PHI) that specific entities are mandated to protect. These encompass healthcare providers, clearinghouses and business associates. The Femtech apps can come within the purview of HIPAA only under the third category, business associates because they are independent corporate houses that provide specialized technology. Nonetheless, they evade liability and keep themselves safe from any legal ramifications. EU’s General Data Protection Regulation (GDPR) can be viewed as a silver lining. It is a stringent legislation that administers how businesses ought to safeguard the confidentiality of digital personal information of EU residents. GDPR places the explicit and unconditional consent of the users at the highest pedestal without which their data cannot be transmitted to a third party at any cost. It is commendable that the residents of the EU are protected by a sound legal framework as regards data security. At the same time, it cannot be denied that the Femtech apps cater to women in non-EU jurisdictions as well who remain bereft of the protection offered by GDPR. Under these circumstances, it becomes imperative for the Femtech apps to have a universal policy addressing this issue.
ABSENCE OF DATA GOVERNANCE FRAMEWORK IN INDIA
Closer home, a path-breaking judgement Justice K.S. Puttaswamy (Retd.) and Anr v. Union of India and Ors. transformed the privacy landscape. The Supreme Court of India recognized the right to privacy as a fundamental right under Article 21 of the Constitution. It further held that “….from the right to privacy in this modern age emanate certain other rights such as the right of individuals to exclusively commercially exploit their identity and personal information, to control the information that is available about them on the “world wide web” and to disseminate certain personal information for limited purposes alone.” To follow the judgement in its letter and spirit, Srikrishna Committee was constituted by the Ministry of Electronics and Information Technology (MeitY). It submitted a comprehensive report on 27 July 2018 which was later codified as the draft Personal Data Protection (PDP) Bill, 2018. The revised version of this draft was introduced before the Lok Sabha on 11th December, 2019 and was referred to a Joint Parliamentary Committee, formed exclusively for providing recommendations to the PDP Bill, 2019. The Bill once passed would be an immaculate attempt at bringing India at par with other jurisdictions, especially the EU. It prescribes a robust mechanism for notifying the user before his/her data is collected and mandates unambiguous consent of the user concerning sensitive data which can be easily withdrawn, as well. The Bill goes a step further by providing a host of rights including but not limited to, right to access and correction. Hopefully, the revered Parliament will soon make history by passing the first, one of its kind Data Protection law in our country.
THE ROAD AHEAD
Given the sky-rocketing downloads of Femtech apps all across the globe, the stakes are quite high. It is the need of the hour to explore optimal yet expedient solutions. A company must adopt the ‘privacy by design’ model by default. The principles of privacy such as data encryption can be embedded into the system to ensure user privacy and accessibility coupled with empowering user-friendly interface. Having said that, enhancing safeguards is a costly affair for corporations. Yahoo refused to address the issue of strengthening data security owing to exorbitant costs and complexities. As a result, the company suffered a major setback at the time of its data breach during 2014-2015. Thus, the state is expected to extend a helping hand to leading Femtech companies for setting a ‘commercially reasonable standard’ practice. The significance of prioritizing digital awareness to create more educated users cannot be emphasized enough. In addition to that, the apps should take the bull by its horns by having a simplified and comprehensible privacy policy.
CONCLUSION
We acknowledge that Femtech apps are quite efficacious and are empowering women to take charge of their health and body. Nevertheless, the unwavering trust that women have in them should not be compromised for ulterior motives. In other words, these apps can turn into Frankenstein monsters if data exploitation is trivialised.
At the cost of repetition, it is re-iterated that the right to privacy loses its true essence if Femtech apps are given leeway to commercialise intimate data. Henceforth, states should realise the significance of the interface between health, technology and confidentiality.