Added to the long list of taboos in India is birth control measures – modern-day solutions to prevent humiliating interactions when purchasing a condom or pill go to the extent of having it delivered to your doorstep. But there might be a solution to avoiding the awkward eye-contact with your pharmacist in the near future, once again brought to you by the ever-evolving world of technology.
In 2018, the Swedish based app ‘Natural Cycles’ became the first “digital contraceptive” that was cleared by The United States Food and Drug Administration. The app determined the fertility window of its user based on the basal body temperature and data on her menstrual cycle. The more recent approval given to the “all-digital” contraceptive ‘Clue’ (where the user is required to only provide the start date of her period) indicates the focus of the digital health and wellness market on femtech, and signals the beginning of a digital alternative being made available to traditional contraception across the world.
Digital contraceptives have both pros and cons. On the one hand, they do not possess any side effects or result in hormonal imbalance. Societal pressure need not be factored in while purchasing the contraceptive, and women are informed of their cycles and fertility windows. On the other hand, success rates are to be improved and, along with it, affordability. Studies in India have shown that the percentage of nonusers of contraception, who reported that contraceptives “cost too much” as the main reason for not using any family planning method, increased from 1992‐93 to 2015‐16, as much as by 6% in the poorest section. However, given the deplorable condition of sex education in India and other nations, contraceptives remain the easier alternative to family planning than depending on the schooling system on informing a woman of her reproductive choices.
Thus, the availability of a different and more accessible option in the birth control industry is welcoming. While there have been tensions with Natural Cycles and the Swedish Government as well as with its competition, the technology is soon to be introduced in the global market; and its regulatory implications are well worth considering.
Data Protection Regulations and Health Data
Reports on period tracking apps sharing data with Facebook, which in turn sold it to advertisers and marketers, surfaced as early as 2019. Clue has also been found to transfer its user data to third parties which in turn create their digital profiles. Other criticisms of femtech surround the commodification of women’s personal details, its use in surveillance and workplace discrimination, and users being subject to intimate surveillance. Medical data privacy is an intrinsic right of the individual, as such data can be used as identifiers which may lead to social and economic harm as well as influence their otherwise autonomous choices. With the pandemic bringing to light questions on medical data privacy, regulations are attempting to assuage the concerns of the public. Naturally, the introduction of digital contraceptives will be met with similar issues, even more so given the current alarming state of affairs.
Europe’s comprehensive data privacy regulation, the General Data Protection Regulation (or ‘GDPR’) sets out a number of conditions for a service to legally use its users’ personal data. Automated decision-making and profiling, which includes analysing or predicting aspects concerning the data subject’s health, based on special categories of personal data, are allowed only under specific conditions (which is prescribed by The European Data Protection Board). Under Chapter III, Section 4, Article 37, companies that require regular and systematic monitoring of data subjects on a large scale, including data related to their health, are to designate a Data Protection Officer (DPO) that informs and advises the company, monitors its compliance with the Regulation and related statutory provisions, and acts as the contact point for the supervisory authority. Additionally, the GDPR also allows for Member States to maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health.
Much like the GDPR, India’s Personal Data Protection Bill, 2019 also contains provisions with respect to the collection and use of the user’s (or “data principal’s”) health data. Defined in S.3(22) as data related to the state of physical or mental health of the data principal…, it is also classified under “sensitive personal data.” Processing of this data is to be on the basis of explicit consent with other conditions mentioned in S.11(3) of the Bill. Every entity which collects or uses such data is to ensure privacy by design and implement security safeguards including the use of methods such as de-identification and encryption. Additionally, if the entity is processing sensitive personal data for profiling, it is to submit a data protection impact assessment before commencing such processing. Further, they are to appoint a data protection officer with functions similar to that which is mentioned in the GDPR. Interestingly, the Bill has devoted a specific chapter, Chapter VII, restricting the transfer of sensitive personal data. It is mandated that such data is to be stored in India and may be transferred only upon the Data Protection Authority’s or Central Government’s approval. These stringent regulatory requirements, if implemented properly and at the earliest, will assuredly safeguard the public from most of the aforementioned concerns.
It is evident that digital contraceptives have to cross many regulatory hurdles before being made available in the market. While these measures ensure that users’ personal data are not exploited, the requirements will detrimentally affect services that are financially unable to meet such standards (as was seen preceding the implementation of the GDPR). To recoup monetary losses due to maintenance and compliance with the provisions in the Bill, consumers may be charged higher premiums. This, in effect, leads to yet another accessibility divide between higher and lower-income populations. Furthermore, in India, cultural and societal norms assign women the responsibility of avoiding pregnancy. However, women are paid less in most businesses (if they are working at all), with the pandemic exacerbating the gender pay gap. Therefore, it is crucial that innovative services in the birth control industry are to be made affordable to all.
Data protection measures should not be mandated at the cost of accessibility to services as it may very well leave a whole community behind the leaps of technological advancements that is already suffering from the gender digital divide. At the same time, data privacy is not to be forsaken either, and it is up to the Centre and States to implement socio-economic policies to promote accessibility as well as ensure personal data protection.
The technology itself has much to improve in terms of simplifying its privacy policies, adapting to multiple body types, etc., which will hamper any speedy introduction of such apps in countries with a diverse and huge population. The implementation of GDPR saw huge fines being levied on companies to hospitals. India may witness similar incidents, effectively slowing the pace of digital contraceptives as well as other services entering its marketplace. This period can be used for devising fruitful policies and schemes that enable innovation and inclusivity, ensuring that no one is left behind in the digital age.
This post is authored by Mekha Vijayakumar, a 3rd year student at The National University of Advanced Legal Studies, Kochi.