A lawsuit was filed against Easy Healthcare Corp. based in Burr Ridge, IL because of the alleged disclosure of sensitive user data with third-party companies situated in China.
Easy Healthcare Corp is the programmer of Premom, a well-known smartphone fertility app for monitoring users’ ovulation cycles to know the days they are most fertile. The legal action states that a variety of sensitive user information was shared with at least three Chinese firms without getting users’ permission. Because the data is kept on servers in China, the lawsuit claims sensitive data could possibly be accessed or taken by the Chinese government.
The data sent to the Chinese organizations consists of sensitive healthcare details, geolocation information, user and advertiser IDs, device activity data, and device hardware identifiers. Considering that the identifiers don’t change, merging them with the information where it was found would permit data collectors to re-create app users’ activities.
Identifiers given to the Chinese organizations consist of MAC addresses or Wi-Fi media access controls, which are specific identifiers for network interface controllers; MAC/BSSID addresses of routers, which details geographical location; and SSID (Service Set IDs) of routers, which offer Wi-Fi networks data. It is additionally possible for the information to be collected about users’ interests, health, religion, political perspectives, and other sensitive information.
The lawsuit states user data was shared with Jiguang (Aurora Mobile Ltd), Umeng, and UMSNS, which provide activity analysis, precision marketing, financial risk management, and location-based analysis services to their customers.
Based on the legal action, the Premom privacy policy says that it will not share or sell your personal data to data brokers, marketing platforms, or data resellers, therefore the distribution of the information is in direct violation of those policies. Although the privacy policy does express that non-identifiable user data may be gathered, users are advised that the information would not be shared with third parties without user authorization.
The plaintiff found out that her personal information was disclosed to the three Chinese firms for three years without her permission or knowledge. She states Easy Healthcare deceived her as she was not told that her information would be given to the Chinese entities. The lawsuit likewise claims Easy Healthcare shared the data to get money and that the company was misrepresenting its data-sharing policies. The lawsuit likewise claims user data is logged each time users unlock or use their phone, even when they aren’t using the application, which breaches Google Play’s developer policies.
The lawsuit was filed a couple of months following a bipartisan group of senators wrote to the Federal Trade Commission (FTC) to ask for scrutiny of the data security and privacy policies of the Premom app, after discovering the unauthorized information sharing by International Digital Accountability Council.
The legal action was filed in the US Northern District Court of Illinois, Eastern Division and wants class-action status and damages for application users. The lawsuit additionally requires Easy Healthcare to stop sharing user data with organizations without first acquiring authorization from app end users. Easy Healthcare has denied any wrongdoing.
Premom is not the only health application found to be sharing user information without acquiring informed permission from software users. The FTC recently settled a data privacy and security case with Flo Health in January 2021 for misrepresenting privacy practices for its fertility app and shared user data with a data analytics firm without authorization. Flo Health was instructed to evaluate and modify its privacy policies and acquire permission from app users prior to sharing their information.