5 June 2024
Femtech article series | June 2024 – 5 of 6 Insights
The global femtech market was worth USD 51 billion in 2021 and is forecast to grow to USD 103 billion by 2030.¹ This would equal an annual growth rate of more than eight percent. Mobile health applications – apps intended to support health management – are the focus of this growth. Femtech apps currently concentrate on topics such as menstrual cycle tracking, birth control, fertility and pregnancy, disease detection and menopause.
Besides offering individual benefits for its users, the data collected by the apps can contribute to closing the so-called “gender data gap”,² helping to improve the development of gender-specific health products.
The information collected by the apps often includes intimate health data. Thus, it is essential that users are fully informed about the use of their data and can trust in its secure processing.³
However, this trust among users has been shaken in the past. Period tracker apps have made headlines several times as there was concern about the extent of the data collected and its disclosure to third parties:
In 2021, for example, the period tracking app Flo (over 100 million users) attracted the attention of the US Federal Trade Commission (FTC) after a complaint was raised. The allegation concerned the transfer of user data to third-party companies for targeted menstrual cycle-related advertising.⁴ Flo refused to admit to any misconduct but agreed on a settlement with the FTC.⁵ In March 2024, a class action against Flo based on similar allegations was permitted in Canada.⁶
Within the European Union, the processing of personal data is regulated primarily by the General Data Protection Regulation (GDPR). Femtech apps typically process specially protected personal data, including health data and data on a person’s sex life. Violations of data protection requirements are subject to significant fines (up to EUR 20 million or 4% of the worldwide annual turnover). Along with this regulatory framework, user confidence in the safe processing of their data forms the most important basis for the future growth of the sector. That is reason enough to summarise our tips for health apps with a focus on women's health:
Requirements of data protection law must be considered as soon as the app is in the development stages. The key phrase is “privacy by default”. This concerns interfaces (with whom does the app share data?) as well as the app’s consent implementation (in particular for opt-ins and opt-outs for marketing purposes).
Any processing of personal data requires a legitimate basis. Data concerning health and sex life are afforded special protection by the GDPR. For health apps processing this kind of data, user consent will often be the only possibility to legitimise the processing. The process must be transparent and respect the principle of purpose limitation (i.e. that the data are processed only for the purpose for which the user has given her consent).
What kinds of user data do we really need for the app? This is the question developers and start-ups should ask themselves from the outset. The principle of data minimisation is one of the cornerstones of the GDPR.
The safest solution would be to store the collected data only on the users’ devices. Many of the COVID-19 contact tracing apps are examples of this decentralised approach.⁷ Realistically speaking, however, cloud solutions are needed to ensure data scalability and evaluability. Here, at least pseudonymised storage of data is mandatory.
The more sensitive the data to be processed, the stricter the data protection requirements. Otherwise, every violation of data security can attract the attention of regulatory authorities and – if they start proceedings – cause significant damage to the company’s reputation. This aspect should not be underestimated: once negative headlines are out in the world, rebuilding one’s image requires an enormous effort – one that start-ups often cannot afford financially. Therefore, it is mandatory to implement robust safety precautions to gain the users’ trust. This includes – for the worst-case scenario – a defined process for handling data breach incidents.
The users must be in control of their data. This includes the possibility not only to always access one’s data but also to correct and irreversibly erase one’s personal data in the app. For this control to work, the users naturally must be provided with transparent information to understand what types of data are processed for which purposes.
A UK study from 2022 showed that 84% of period tracker apps share data with third parties, among other things for commercial purposes.⁸ Any sharing of personal data from the app with third parties requires the user’s consent to be legally compliant. Otherwise, at best only anonymised use of the collected data remains possible.
If the collected data are no longer required for the original purpose for which they were collected, the data must be erased. It is advisable to define (and actually implement) a data deletion concept from the very beginning.
As the COVID-19 pandemic has shown, data collected through health apps can be valuable for research purposes. The ZOE app of King’s College London as well as the RKI data donation app helped to better understand the spread of the coronavirus.
However, there is still little research on women’s health. For a long time, women were not represented at all in medical research, with the result that a major part of medical research is biased towards the male body.⁹ Femtech can and will contribute to correcting this imbalance.
In the future, it will be easier for providers of health apps to share the personal data they collect with scientific institutions. The current proposal for the Regulation on the European Health Data Space (EHDS) defines and addresses providers of so-called “wellness applications”. Under certain conditions, they will be able to upload the collected data in the shared data space for research purposes. It remains to be seen how this will develop in practice. In any case, the European legislator has taken up the issue of health and research data and will set standards in future.
Do you need support with your health app or have general questions about health tech, data privacy and artificial intelligence? Contact our expert Carolin Monsees.
Co-Author: Timo Peters
1 See Conor Stewart, Femtech market size worldwide 2021-2030, in statista.com, 19.09.2022 (retrieved on 03.06.2024).
2 See for example: Mayra Buvinic/Ruth Levine, Closing the Gender Data Gap, in Significance, Vol. 13 Issue 2, April 2016, pp. 34-37 (retrieved on 03.06.2024).
3 See also: Debbie Heywood, ‘Femtech’ – getting data protection right in health apps, in: taylorwessing.com, 29.10.2021 (retrieved on 03.06.2024).
4 Alexandra Kletterer, Zyklus-Apps geben intime Daten an Facebook weiter, in: netzpolitik.org, 13.09.2019 (retrieved on 03.06.2024).
5 FTC press release of 21 June 2021 (retrieved on 3 June 2024).
6 Rhianna Schmunk, Lawsuit claiming Flo Health app shared intimate data with Facebook greenlit as Canadian class action, in: cbc.ca, 08.03.2024 (retrieved on 03.06.2024).
7 Kristin Becker/Christian Feld, Bundesregierung denkt bei App um, in: tagesschau.de, 26.04.2020 (retrieved on 03.06.2024).
8 84% of period tracker apps share data with third parties, in: orchahealth.com, 21.07.2022 (retrieved on 03.06.2024).
9 Warum Frauen medizinisch benachteiligt sind, in: quarks.de, 13 January 2021 (retrieved on 03.06.2024). Delaney Burns/Tara Grabowsky/Emma Kemble/Lucy Pérez, Closing the data gaps in women’s health, in: mckinsey.com, 03.04.2023 (retrieved on 03.06.2024).