ENGL-BC1023

DATA PRIVACY IN FEMTECH

(The Rise of a New Category)

Summer B, 2023 | TR 9am-12pm ET

• Table of Contents
  • Course Description
    • Learning Objectives
    • Assignments
  • Weekly Schedule
    • Week 1
      • Data Usage
      • Data Privacy
    • Week 2
      • Data Security
      • Data Protection
• Image Citations

The era of "big data" has transformed the commodification of a user's data. Coupled with the rise of "FemTech" mobile apps, big data has provided new insights and access for women around the world. However, the commodification and exploitation of data has created a new set of risks. This course will examine how data is used, disseminated, secured, and protected. Course material will focus on data with respect to reproductive technology apps

In this two-week course you will learn:

• How reproductive technology apps (or FemTech) capture and utilize data
• How data is packaged and sold
• How law enforcement is accessing and using this data in a post Roe era
• How data is targeted and stolen by criminals and state actors
• How to regain control over your data and explore frameworks for protecting users and their data

Each day will include a number of required readings followed by a short discussion post on courseworks. You are expected to come to class prepared to analyze and discuss each reading. In class participation accounts for 60% of your grade in this two-week module.

Extra Credit

At the end of the course, you may choose to review one or several apps running on your mobile device. In a brief summary (no more than 2 pages), analyze your findings. What data was being tracked? Was that data shared with other applications? What implications could arise from that sharing? Read the terms of use for the application. Does it include any information on how data is stored or shared with 3rd-party vendors? Does this present a risk?

(Wie Big Data Ihre IoT-Lösung beeinflusst)

Readings:

• French, Alice, et al. “Asia’s Femtech Revolution: The Quest for Better Women’s Health.” FT.Com, Mar. 2022. ProQuest, https://www.ft.com/content/55459493-cf69-450c-b9c1-0c356347de97
• Karlsson, Amanda. “A Room of One’s Own?: Using Period Trackers to Escape Menstrual Stigma.” Nordicom Review, vol. 40, no. s1, 2019, pp. 111–23. ProQuest, https://doi.org/10.2478/nor-2019-0017
• The Rise of a New Category: Femtech. helloclue.com, https://helloclue.com/articles/culture/rise-new-category-femtech. Accessed 6 Aug. 2023.

In class exercises:

• Group up in pairs and create your own FemTech application. How might you use location data to provide resources or services? How would you use symptom tracking or other biomedical data?
• Discussion: Thinking back to "Vessel" how might you implement a "Women on Mobile" program?

Learning goals:

• Analyze the role these apps play in providing services for women globally.
• How might they be providing education or choice to women in regions where menstruation is taboo?
• How, if at all, does this technology facilitate safety or access?
• What types of data might be sensitive?
• Ultimately, I want you to come away from this with a sense of the benefits of data collection and how that data can be used to help provide resources to users.

(Gilbert)

Readings:

• Scatterday, Allysan. “This Is No Ovary-Action: Femtech Apps Need Stronger Regulations to Protect Data and Advance Public Health Goals.” North Carolina Journal of Law & Technology, vol. 23, no. 3, 2022 2021, pp. 636–68 https://heinonline.org/HOL/P?h=hein.journals/ncjl23&i=659.
• Cox, Joseph. “Data Broker Is Selling Location Data of People Who Visit Abortion Clinics.” Vice, 3 May 2022, https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood.
• Tangalakis-Lippert, Katherine. “Police Are Prosecuting​ Abortion Seekers Using Their Digital Data — and Facebook and Google Help Them Do It.” Business Insider, https://www.businessinsider.com/police-getting-help-social-media-to-prosecute-people-seeking-abortions-2023-2. Accessed 14 Aug. 2023. .

In class discussions

• Thinking back to how low-income women were exploited for surrogacy, how might a surrogacy agency, in a country with little or no privacy regulations, abuse purchased ovulation and location data from a mobile app provider? What kind of regulations would you put in place to prevent this?
• Make a case for ethically selling data. What types of data would you include and why? Who might purchase this data?
• Can location data be misused by law enforcement agencies or even private groups? In what ways can location data or health data be used against a person of a subset of a population. Is there a potential for "false positives"? How or why?

Learning goals:

• How is data treated as a commodity to be sold and who might be buying that data?
• How could law enforcement misuse or abuse data gained from resellers? What are the implications when a warrant is no longer needed?
• What implications does this have for FemTech applications? Does this reduce their effective benefits to women globally?
• How might data sharing among applications present a risk to women in a post Roe era?
• How can location data be misused by law enforcement to prosecute women - even those who didn't have abortions? What potential does this have to impact minority or low-income women?
• While this is only a small subset of "Data Privacy" you should come away from this with a better understanding of the types of data collected, how it's used/sold, and the potential risks behind collection of that data.

(Lunden)

Readings:

• For 2nd Time in 3 Years, Mobile Spyware Maker MSpy Leaks Millions of Sensitive Records – Krebs on Security. 4 Sept. 2018, https://krebsonsecurity.com/2018/09/for-2nd-time-in-3-years-mobile-spyware-maker-mspy-leaks-millions-of-sensitive-records/.
• “Major” Data Breaches from Insecure Mobile Apps Likely - Document - Gale General OneFile. https://go.gale.com/ps/i.do?p=ITOF&u=columbiau&id=GALE|A275440957&v=2.1&it=r&sid=summon. Accessed 6 Aug. 2023
• Sen. Franken Presses Federal Officials to Crack Down on “Stalking Apps” in Wake of MSpy App Data Breach - Document - Gale OneFile: News. https://go.gale.com/ps/i.do?p=STND&u=columbiau&id=GALE|A414291300&v=2.1&it=r&sid=summon. Accessed 6 Aug. 2023
• [OPTIONAL] Under Armour Announces Data Breach, Affecting 150 Million MyFitnessPal App Accounts - Document - Gale In Context: Opposing Viewpoints. https://go.gale.com/ps/i.do?p=OVIC&u=columbiau&id=GALE|A532777187&v=2.1&it=r&sid=summon. Accessed 6 Aug. 2023
• [OPTIONAL] The Great Fish Tank Hack. https://cyberhound.com/the-great-fish-tank-hack/. Accessed 6 Aug. 2023.

In class discussions

• Are FemTech apps a healthcare technology? Should they be subject to the same regulations as healthcare providers (HIPAA)? Thinking back to day 1, how might this inhibit access to resources?
• Why might a malicious party want to target FemTech data?

Learning goals:

• Given the rise of cyberattacks targeting data, what are the risks of collecting data even when data isn't sold or given to 3rd-parties?
• What are some reasons that criminals or nation states might target data from FemTech applications?
• What incentives do companies have (if any) to secure your data? Are the current fines or regulations adequate in deterring irresponsible data security policies?
• This is just a surface level introduction to cybersecurity and data security but you should ultimately have a better understanding of how data can be misused even when it's not being commoditized.

(Buhrkuhl)

Readings:

• Gerl, Armin, et al. “Let Users Control Their Data – Privacy Policy-Based User Interface Design.” Human Interaction and Emerging Technologies, edited by Tareq Ahram et al., Springer International Publishing, 2020, pp. 790–95. Springer Link, https://doi.org/10.1007/978-3-030-25629-6_123.
• Bellabeat. Bellabeat Is First Period and Pregnancy Tracking App and Wearable to Implement Private Key Encryption (AES-256) Security Feature to Protect Women’s Data in the Wake of Roe Vs. Wade Overturn. https://www.prnewswire.com/news-releases/bellabeat-is-first-period-and-pregnancy-tracking-app-and-wearable-to-implement-private-key-encryption-aes-256-security-feature-to-protect-womens-data-in-the-wake-of-roe-vs-wade-overturn-301608919.html. Accessed 15 Aug. 2023.
• A NEW COMPACT FOR SEXUAL PRIVACY. - Document - Gale OneFile: LegalTrac. https://go.gale.com/ps/i.do?p=LT&u=columbiau&id=GALE|A666682274&v=2.1&it=r&sid=summon. Accessed 6 Aug. 2023

In class discussions

• Think back to our discussions around eugenics, dwarfism, and down syndrome. If users are in control of their data, does that absolve companies from their duty to secure and protect data? Would a user centric focus on data protection put the onus on women when data is misused or leaked? Why or why not?
• If you were to design a framework for data protection, what would it include? What would it not include?

Learning goals

• How can you regain control over your data?
• What does it look like when users are solely repsonsible for their own data protection?
• This final day should leave you with the awareness and ability to be a good data steward and advocate for better data privacy and protection.

Extra credit

Extra credit

• Share your findings!

Gilbert, Arlo. “What We Can Learn about Data Privacy from Big Tech’s Mistakes.” Security Info Watch, 20 July 2023, https://www.securityinfowatch.com/cybersecurity/article/53066756/what-we-can-learn-about-data-privacy-from-big-techs-mistakes.

Buhrkuhl, Curtis. What’s The Difference Between Privacy and Data Protection? https://www.office1.com/blog/whats-the-difference-between-privacy-and-data-protection. Accessed 6 Aug. 2023.

Lunden, Ingrid. “Dig Scoops up $34M to Tackle the Fragmented World of Cloud Data Security.” TechCrunch, 14 Sept. 2022, https://techcrunch.com/2022/09/14/dig-scoops-up-34m-to-tackle-the-fragmented-world-of-cloud-data-security/.

Wie Big Data Ihre IoT-Lösung beeinflusst. 25 July 2018, https://www.scnsoft.de/blog/big-data-im-iot-besonderheiten.