Fertility App Developer Faces Lawsuit for Giving User Information with Chinese Companies Without Authorization

Easy Healthcare Corp. based in Burr Ridge, IL is facing a lawsuit for the alleged giving of sensitive user data to third-party companies located in China.

Easy Healthcare Corp is the creator of Premom, a famous smartphone fertility application for keeping track of users’ ovulation cycles to determine when they are most fertile. The legal action states that a selection of sensitive user information was shared with at least three Chinese firms without getting users’ authorization. Because the data is saved on servers in China, the lawsuit claims sensitive data could likely be accessed or obtained by the Chinese government.

The data given to the Chinese organizations contains sensitive healthcare details, geolocation details, user and advertiser IDs, device activity data, and device hardware identifiers. Considering that the identifiers never change, mixing them with data where it was seen will enable data collectors to restore app users’ activities.

Identifiers accessed by the Chinese organizations contain MAC addresses or Wi-Fi media access controls, which are distinct identifiers for network interface controllers; MAC/BSSID addresses of routers, which contain geographical location information; and SSID (Service Set IDs) of routers, which offer Wi-Fi networks information. It is additionally possible for data to be obtained regarding users’ likes and dislikes, wellness, religious beliefs, political ideas, and other sensitive information.

The lawsuit states user data was shared with Jiguang (Aurora Mobile Ltd), Umsns, and Umeng, which give activity analysis, precision advertising, financial risk regulation, and location-dependent analysis services to their consumers.

As per the legal action, the Premom privacy policy states that it won’t share or market your personal data to data brokers, advertisement platforms, or information resellers, thus the disclosure of the information violates those terms and conditions. Though the privacy policy does say that non-identifiable user data may be obtained, users are informed that the data won’t be distributed to external parties without user permission.

The plaintiff learned that her personal details were disclosed to the three Chinese firms for 3 years without her authorization or awareness. She says Easy Healthcare fooled her as she wasn’t advised that her information would be given to the Chinese organizations. The lawsuit likewise claims Easy Healthcare got paid to provide the data and the organization misrepresented its data-sharing policies. The lawsuit at the same time claims user data is documented every time users unlock or utilize their telephone, whether or not they are using the app, which violates Google Play’s developer guidelines.

The lawsuit was filed just a few months right after a bipartisan group of senators had written to the Federal Trade Commission (FTC) to have an inquiry of the data security and privacy procedures of the Premom application, after learning about the unauthorized information sharing by International Digital Accountability Council.

The legal action was submitted in the US Northern District Court of Illinois, Eastern Division and wishes class-action status and damages for software users. The lawsuit furthermore demands that Easy Healthcare stop sharing user data with organizations without first acquiring permission from app end users. Easy Healthcare has not admitted any liability.

Premom isn’t the sole health app found to be disclosing user information without getting informed authorization from application users. The FTC recently resolved a data privacy and security case with Flo Health last January 2021 for misrepresentation of privacy practices for its fertility application and disclosed user data with a data analytics organization without permission. Flo Health was directed to assess and change its privacy policies and get authorization from app users before sharing their information.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone