"I Deleted It After the Overturn of Roe v. Wade": Understanding Women's Privacy Concerns Toward Period-Tracking Apps in the Post Roe v. Wade Era

The overturn of Roe v. Wade has taken away the constitutional right to abortion. Prior work shows that period-tracking apps’ data practices can be used to detect pregnancy and abortion, hence putting women at risk of being prosecuted. It is unclear how much women know about the privacy practices of such apps and how concerned they are after the overturn. Such knowledge is critical to designing effective strategies for stakeholders to enhance women’s reproductive privacy. We conducted an online 183-participant vignette survey with US women from states with diverse policies on abortion. Participants were significantly concerned about the privacy practices of the period-tracking apps, such as data access by law enforcement and third parties. However, participants felt uninformed and powerless about risk mitigation practices. We provide several recommendations to enhance women’s privacy awareness toward their period-tracking practices.


INTRODUCTION
The overturn of Roe v. Wade in June 2022 has taken away the constitutional right to abortion in the US, leading to varying levels of abortion limits across diferent states [12,44,60,78,107,119].This decision jeopardizes reproductive justice and afects millions of women in the US [26], making abortion services much less accessible in many areas, including the 15 states where abortion has been completely banned as of August 2023 [119].
Besides abortion services, women's use of fertility-related technologies can be largely impacted as well, including period-tracking apps -the most popular type of women's mobile health (mHealth) apps [112], as these apps track and collect a vast amount of sensitive data [98], including menstrual cycle data [55,78,89], pregnancy [55], sex life [55,89], and location [55,89], which can all be used to detect or infer abortions.Worse yet, these highly sensitive personal data are also excessively shared with third parties [32], such as advertisers and insurance companies [55,89].Other privacy concerns include lack of readable privacy policies in apps [4,50,106], unnecessarily long retention of data [66], and limited user control [66].
Notably, these privacy concerns toward period-tracking apps are even aggravated in the post Roe v. Wade era, as law enforcement can now request fertility-related records from period-tracking app companies as evidence of crimes [98].For example, a report suggests that 67% of period-tracking apps share data for "legal obligations" [49].In support of women's reproductive privacy, a term that refers to activities and data relating to women's reproductive health (e.g., pregnancy status) [78], it is crucial to investigate women's privacy knowledge, perceptions, and practices toward period-tracking apps in the post Roe v. Wade context.
A small number of women's health research has focused on menstrual technologies [6,61,85,121,123].Attention in this feld has been primarily given to menstrual education for adolescents [61,121,123], menstrual tracking design [47,53,110], and user experiences [42].However, despite the increasingly concerning data practices, work that investigates the privacy factors of period-tracking apps remains scant, mostly overlooking the impact of abortionrelated laws.For instance, two studies conducted outside the US suggested people's lack of privacy awareness when using periodtracking apps [11,58].One small-scale interview-based study has specifcally examined how the overturn of Roe v. Wade has impacted women's reproductive privacy practices [78], suggesting participants generally did nothing more than delete their periodtracking app.However, this interview study did not systematically measure the impact of apps' privacy practices (e.g., data sharing stakeholders, type of collected data, and types of user's control) on users' privacy attitudes and concerns.Such feature-level investigations are critical to informing the design of privacy-preserving period-tracking apps and policies.
To fll in this gap, the present paper seeks to answer three overarching research questions (RQs): • RQ1: What factors infuence women's privacy perceptions and practices toward period-tracking apps?• RQ2: What are women's knowledge and attitudes toward the overturn of Roe v. Wade and its impact on their privacy concerns and practices of period-tracking apps?• RQ3: What are women's expectations for privacy-enhancing features, actions, and information from stakeholders, such as period-tracking app companies?
To address the RQs above, we conducted a vignette-based study with 183 female participants in the US, evenly distributed in abortionallowed and banned states.Our fndings highlight four critical points: 1) The stakeholders who have access to the period-tracking apps' collected data have the most impact on participants' perceived privacy concerns, with government and law enforcement being the most concerning stakeholders (RQ1); 2) Despite showing signifcant concerns toward the data practices of period-tracking apps, participants felt uninformed and powerless about strategies to mitigate their privacy concerns (RQ1); 3) Participants were generally unaware of how the overturn of Roe v. Wade might impact their reproductive privacy and their use of period-tracking apps (RQ2); and 4) participants called for app companies and law enforcement to enhance users' control over period-tracking data (RQ3).
Our work makes the following contributions: (1) Through our quantitative data analysis, we identifed the factors that signifcantly impact women's privacy practices and concerns toward period-tracking apps post the overturn of Roe v. Wade.(2) Through our qualitative investigation, we surfaced women's privacy knowledge and perceptions toward the period-tracking apps post the overturn of Roe v. Wade.(3) We provide actionable recommendations for public education, period-tracking app companies, and policies to raise women's reproductive privacy awareness and empower women to have more control over their reproductive data.

BACKGROUND AND RELATED WORK
In this section, we begin by presenting the background of the overturn of Roe v. Wade.In addition, a growing body of research in human-computer interaction (HCI) has focused on women's health and menstrual health technologies such as period-tracking apps.
We summarize this strand of prior research and highlight how our work can build on existing literature.Last, we dive into how the overturn of Roe v. Wade impacts women's privacy concerns and practices toward period-tracking apps.

Roe v. Wade and Reproductive Justice
In June 2022, the Supreme Court of the United States decided to overturn Roe v. Wade with the Dobbs v. Jackson decision [78], taking away the constitutional right to abortion.Due to the overturn of Roe v. Wade, state governments now have the full right to decide whether to criminalize abortion or not [78].As of August 2023, due to political polarization [12], abortion has been completely banned in 15 states [44,107,119], while the remaining states legalize abortion with varying levels of protection and gestational limits [60].
The overturn of Roe v. Wade is widely considered a decision that afects the reproductive lives of millions of women in the US and jeopardizes reproductive justice in many ways [26].For example, policies that restricted access to abortion have constrained reproductive and sexual health services in many ways, including removing public money allocated to abortion facilities and providers [99], criminalizing individuals who provided guidance on self-administered abortions [116], etc.These impacts could be disproportionately more devastating to women from diferent marginalized and minority groups in the US, such as women sufering from poverty, racism, sexism, etc [23,26,99,116].It is estimated that there could be a 21% increase in mortality overall, with a 33% increase, particularly for Black women [114,116].
According to various international human rights organizations, restricting access to safe and legal abortions severely hinders women's rights and health [81,96].Unfortunately, while overturning Roe v. Wade is exclusively efective in the US, its impact will be global [26,116].Roe v. Wade has been an infuential court decision in other countries that have previously achieved progress in reproductive justice, such as Kenya [48].In Kenya, the High Court of Malindi afrms that abortion access is a fundamental right by referencing Roe v. Wade [48].Presumably, the Dobbs decision could be as infuential as the Roe decision, thereby enhancing reproductive injustice globally.Consequently, it is imperative to (re)investigate protection strategies for women's reproductive health and rights in the post Roe v. Wade context.Our work aims for this goal by looking into the specifc privacy implications and proposing protection strategies accordingly.

Women's Health and Menstrual
Technologies in HCI Motivated by feminist HCI [17,67,101], the topic of women's health has been receiving growing attention in the HCI research community over the last several years [6].At CHI 2017, a workshop on hacking women's health initiated research discussion around women's digital health [15].Since then, a strand of work has been proliferating, especially relating to intimate and menstrual health [24,85,109,110,122,123], maternal health [59,70,84,94], and sexual well-being [33,63,64].Some research in this area has taken the lens of design to explore emerging technologies that promote women's health knowledge and awareness, such as through exploring and testing a wearable etextile in support of breast self-awareness [5], a design kit with electronic textiles to promote bodily literacy [7], and an augmented system that promotes bodily literacy and pelvic ftness for women [8].Besides promoting bodily literacy, a volume of work has focused on designing for women's sexual pleasure [16,18,33,108].Other work has investigated technologies to increase empathy from partners [69], tools to manage healthcare records across pregnancy [41], and mHealth applications to encourage healthy behaviors for pregnant women [70,92].
More relevant to our work is a signifcant focus on menstrual health [6,85,123].For example, in menstrual education, Help Pinky is a game developed by Jain et al. [61], teaching adolescent girls in India about menstrual health.Similarly, to encourage discussions on menstrual health between parents and children, Tran et al. [121] developed an internet-connected working model of the uterus.Tuli et al. [123] presented empirical fndings from an inquiry into current approaches to educating adolescents about menstruation, suggesting gaps between parents' and teachers' expectations.Besides education, prior work has explored menstrual tracking [42,47,53,110].For instance, recent studies have investigated using ambient light and color-emitting smart mirrors to track menstrual information [47,53].Similarly, Epstein et al. [42] have examined the practices and motivations of using menstrual tracking apps in the US, suggesting design drawbacks and the non-inclusive nature of the menstrual tracking apps.
Although the prior research has shed light on the signifcance and benefts of promoting women's health through various technologies, work that empirically investigates the concerns, such as privacy factors of menstrual technologies, remains nascent.However, menstrual technologies track and collect a variety of sensitive data such as sexual activities and medical records without many regulations in the US [78], depriving women of their reproductive rights and freedom [9,10].More of such privacy concerns will be detailed in Section 4.2, where we narrow down our focus on one of the most widely used menstrual technologies -period-tracking mobile apps, with 26.60 million users worldwide in 2022 [112].To promote women's reproductive health and justice, it is equally vital to look into the benefts, as well as the potential harms of these menstrual technologies.While most of the work exploring menstrual technologies in HCI has been focusing on usability, our work highlights the privacy harms and how women users perceive or neglect the harms at a critical historical moment -the overturn of Roe v. Wade.

Privacy Concerns of Period-Tracking Mobile
Apps in the Post Roe v. Wade Era Scholarship investigating the privacy practices of mHealth apps in general, and period-tracking apps in particular, has more often than not yielded concerning fndings.For instance, sensitive data, including reproductive-related behavior and location data, is collected by women's mHealth apps.In a scoping review of 23 popular women's mHealth apps, it was found that all apps permitted behavioral tracking, while 61% allowed location tracking [4].The same study has found that a signifcant 87% of these apps share the collected data with third parties [4].
Despite their concerning data practices, prior work has shown that 30% of period-tracking apps did not display any privacy policy [4].Similarly, a comprehensive analysis of 20,991 general mHealth apps revealed that 28.1% of the apps provided no privacy policy at all [117].Even when privacy policies are available, questions rightfully arise regarding their efectiveness.Despite its sensitivity, reproductive-related data is often not covered by privacy policies or even completely disregarded [106].In addition, Fowler et al. assessed that understanding a period-tracking app's privacy policy or terms of service typically requires a college-level education.This suggests that most American users may not fully understand how their data is being used and shared [50].That is, if they even read it at all, only a mere 9% of American adults consistently read privacy policies before agreeing to them [14].
Privacy and data practices of period-tracking apps are especially concerning as the information collected by health-focused apps is not covered by the Health Insurance Portability and Accountability Act (HIPAA) [102].Likewise, in the UK and European Union (EU), it is unclear whether female-oriented technologies (FemTech) data is protected under the "special category data" in the General Data Protection Regulation (GDPR) framework in the EU and if such data fall under "medical" category or other groups in the UK Medicines and Healthcare Products Regulatory Agency (MHRA) [43,79,80].Essentially, women's health data protection has been poorly defned in many major legal frameworks worldwide, and the responsible stakeholders remain unknown [80].
With the overturn of Roe v. Wade and the resulting changing legal landscape, interest and concern surrounding the privacy of period-tracking apps have naturally risen.The number of articles about the danger of using women's mHealth apps and privacyrelated reviews has increased [32].Mozilla has labeled 18 of 25 popular period-and pregnancy-tracking tech with a "privacy not included" warning [83].A report by the Organization for the Review of Care and Health Apps (ORCHA) revealed that 67% of the periodtracking apps tested share data for "legal obligations" [49], which is particularly alarming in the current context of the US abortion laws.
The extent to which these practices represent a real threat remains a topic of ongoing debate.The Electronic Frontier Foundation (EFF) argues that although anyone may buy certain period-tracking apps' datasets, it is not the primary strategy being used to criminalize abortion seekers, at least not currently [51].Presently, law enforcement relies on text messages, emails, and browser search histories [57].Indeed, in 2022, a Nebraska police ofcer used Facebook messages to investigate an alleged illegal abortion [65].In another case, a visit to a web page titled "National Abortion Federation: Abortion after Twelve Weeks" has been used to prosecute a woman in Indiana [128].Nevertheless, the fact remains that fertility apps are not entirely safe to use.The Federal Trade Commission (FTC) fled a complaint against Flo Health Inc. (the most downloaded period-tracking app worldwide in 2022 [111]), accusing them of allegedly sharing users' sensitive health data with Facebook, Google, AppsFlyer, and Flurry over an extended period of time while they explicitly told their users they did not [27].The complaint resulted in a settlement and the app introducing an "Anonymous" mode, but research shows that de-identifcation measures are rarely reliable [100].More recently, the FTC charged another period-tracking app, Premom, for deceiving users about their data practices by disclosing health data to third parties [28].
While considerable attention has been given to user experiences and app practices, little work has been done to understand users' privacy perceptions surrounding period-tracking apps, particularly following the overturn of Roe v. Wade.A study done in New Zealand revealed most participants regard the data collected by periodtracking apps as uninteresting and unproblematic [58], supporting the use of their menstrual data in academic research [58,106].By contrast, a poll by the Information Commissioner's Ofce (ICO) in the UK revealed that women had greater concerns about data transparency and security than ease of use and costs of periodtracking apps [1].Building on this fnding, another UK-based study suggests that users lack the technological skills to protect their FemTech data despite the privacy concerns expressed [80].Another study conducted in Germany suggested that the perceived benefts of period trackers outweighed the perceived harms among users.In fact, while non-users frequently expressed privacy concerns when it came to sharing intimate data with period trackers, the interviewees who were actively using the apps rarely raised such concerns themselves [11].
Collectively, these studies have revealed an important fact -the privacy paradox phenomenon may widely exist in period-tracking apps, similar to other mHealth applications [125,129].By defnition, privacy paradox refers to the contradictory privacy concerns expressed by users and their actual behaviors, e.g., voluntarily giving away information, making little efort in data protection, etc. [52].One of the widely used explanations for privacy paradox is privacy calculus, which refers to users' comparison between the perceived privacy risks and their anticipated return for revealing information, e.g., the utility of apps [46,105].How users weigh the privacy risks and benefts of mHealth apps depends on various contextual factors, e.g., type of requested data, type of device, etc. [45].In more sensitive contexts, such as sexual and reproductive health interventions, the privacy of information-and support-seeking methods aforded by mHealth technologies have greatly attracted users' interest [45,115].For instance, in a study of mobile cell phone-based HIV prevention intervention, Cornelius et al. [30] showed that the confdentiality of the technology was perceived as an advantage for seeking HIV-related information.
The majority of existing literature on users' privacy perceptions toward period-tracking apps has been conducted outside the US, where the legal landscape surrounding abortion difers.More recently, McDonald and Andalibi interviewed 15 individuals who may get or were pregnant in the US to understand how the overturn of Roe v. Wade impacted their reproductive privacy practices, and they nearly all reported deleting period-tracking apps without taking further action [78].They also found that participants' reproductive risk, age, location, and experience with oppressive government could potentially have an impact on participants' privacy strategies.Due to its qualitative nature, this study was not able to quantitatively measure the impact of various in-app privacy factors (e.g., type of requested data [45] and users' data autonomy [125]) on users' attitudes and practices toward period-tracking apps.Such investigation is critical to informing the design of period-tracking apps and policies to protect women's privacy more efectively.
To shed light on the privacy attitudes and expectations of female users of period-tracking apps, we conducted a large-scale survey.Through careful quantitative and qualitative investigation, we identifed the specifc factors that have a signifcant impact on women's privacy concerns and practices toward period-tracking apps post the overturn of Roe v. Wade.

METHODOLOGY
To surface the factors that infuence women's privacy attitudes, concerns, practices, and expectations toward period-tracking apps post the overturn of Roe v. Wade, we conducted an online vignette study with 183 Prolifc1 participants from the US.We presented each participant with a consent form at the beginning of the survey.

Fractional-Factorial Vignette Study
Leveraging short hypothetical scenarios, vignette-based studies aim to elicit participants' considerations and judgments toward the presented scenarios [13,77,86].By researching theoretically important factors and systematically varying these factors [13], multiple vignettes are presented to participants.In a fractionalfactorial vignette study, each participant only answers questions about a subset of scenarios to ensure the response quality within reasonable survey completion time [13].
Previous privacy research [35,37,39,71,72,76,77,86,95,127] has extensively used the vignette technique to examine privacy norms in varying privacy-related contexts.As opposed to testing for a static defnition of privacy [77], the vignette technique can help identify the relative importance of each privacy factor that participants take into consideration when making a privacy decision within a specifc community [62,126].

Study Design
3.2.1 Factor Specification.We quantifed the impact of four privacy factors (e.g., Data Storage) in our study.For each factor, we considered multiple levels (e.g., Data storage: Device, Data Storage: Cloud) to test a hypothesized range of privacy protection, from low-protective (e.g., Data Storage: Cloud) to high-protective (e.g., Data storage: Device).We only included privacy factors and levels that prior research has identifed as potentially important in users' privacy attitudes toward period-tracking technologies (e.g., period-tracking apps, FemTech) (Table 1).We included the following four factors in each vignette: • Collected Data: The type of data the period-tracking app collects (fve levels).• Data Storage: The location where the collected data is being stored (two levels).• Data Sharing: The stakeholder that the data is being shared with (fve levels).• User Control: The type of controls users have about their collected data (three levels).
To design vignettes that are realistic and similar to the current data practices of period-tracking apps, we set the Menstrual cycle data as the default level (most protective) of the Collected Data factor.We considered collecting additional data types less protective and hypothesized that participants would become more concerned if the period-tracking apps collected data types in addition to menstrual cycle data.To test this hypothesis, we tested four additional data types (precise location, mental health data, physical health data, and intimacy data), which have been shown to impact privacy concerns and practices toward period-tracking technologies in prior work (Table 1).

User Control
Data deletion [90,93].None Table 1: Each vignette in the survey included the four factors (e.g., collected data).For each factor, we selected a random level (e.g., menstrual cycle data) among the possible levels.
Sharing data with the app company is a common practice for period-tracking apps [55,89,97,98].Therefore, we identifed App Company as the base level of the factor Data Sharing.We tested three additional data-sharing parties (law enforcement ofcers, third-party advertisers, and healthcare providers), which were shown to have varied privacy implications (Table 1).We considered no data sharing as the most protective level.
Cloud storage could expose people to higher privacy and security risks compared to device storage, and people are more concerned about cloud storage as opposed to data being stored on the device [93,98,120].To test this in the context of period-tracking apps post the overturn of Roe v. Wade, we considered two levels for the factor Data Storage -cloud and device.
Based on prior research, users would like more control over their data when interacting with digital technologies [80].In our survey, we tested participants' attitudes toward three levels of user control: opt-out from data sharing, data deletion, and no control over data.These levels were identifed by the prior work to potentially impact privacy concerns and attitudes toward data-intensive technologies and apps [55,90,93].

Scenario Design.
Using the factor levels (e.g., Collected Data = Menstrual cycle data), there are 150 possible combinations.After eliminating unrealistic options, such as scenarios with Data Sharing = None ("Your data will not be shared with anyone.") and User Control = Opt out from data sharing ("You have the option to opt out of your data being shared outside the app company."),75 scenarios remained.In the survey, each vignette presented the factors in this order: Data Type, Data Storage, Data Sharing, and User Control.Each participant was presented with four randomly selected scenarios.We selected four, as our pilot study showed that having four scenarios would allow participants to complete the survey in less than 15 minutes.The following is an example of a scenario that we presented to participants: Imagine you are looking for a period-tracking app to install on your phone to keep track of your menstrual cycle.You see a period-tracking app with the following data practices: The app only collects your menstrual cycle data (e.g., days bleeding).This app will store your data on the device.Your data will not be shared with anyone.You have the option to delete your data.

Survey Design.
We implemented our survey on Qualtrics2 .We started the survey with a consent form.We then presented participants with instructions on the survey procedure.Participants were randomly assigned to see four period-tracking apps' data collection and use scenarios.At the end of each scenario, we asked participants some follow-up questions.
First, we asked participants to specify their level of concern toward the presented scenario's data practices and the reason(s) behind their response.Next, to assess participants' attention, we presented an attention-check question.The attention-check question was a multiple-choice question where we asked either about the type(s) of data being collected in the given scenario, where the collected data is being stored in the given scenario, with whom the data is being shared in the given scenario, or what data control users have in the given period-tracking scenario.For each scenario, we randomly selected one type of attention-check question.When analyzing the data, we removed participants who missed more than two attention-check questions from the database for further analysis.
After the scenario questions, we asked participants about their period-tracking app usage, such as their period-tracking tool usage history and purposes of usage.Then, we asked participants about their concerns and risk mitigation practices toward the periodtracking apps that they have used.We then asked participants about their knowledge of the data practices of period-tracking apps.
Next, we asked participants questions focused on the overturn of Roe v. Wade.We started by asking participants about their familiarity with the overturn and their concerns about the overturn of Roe v. Wade.Then, we asked participants to specify how much impact they believe the overturn of Roe v. Wade has had on their privacy concerns about the data practices of period-tracking apps and their rationales.We also asked participants if they had ever changed their period-tracking habits and practices due to the overturn of Roe v. Wade.We ended the survey with demographic questions.See the complete survey questions in Appendix A.

Pilot Survey
Before launching the formal survey, we conducted a pilot study with 20 Prolifc participants.Based on the timing fndings of the pilot survey, we reduced the number of presented vignettes from six scenarios (average completion time of 31 minutes) to four scenarios for our main survey (average completion time of 14 minutes).

Participant Recruitment
We initially recruited 200 participants on Prolifc.Participants were required to be 1) at least 18 years old, 2) living in the United States, 3) self-identifed as a female, including transgender and cisgender females, and 4) having an approval rate of over 95% on Prolifc.To investigate diferences between participants from abortion-banned states and abortion-allowed states (according to the latest data from [119] as of Aug 2023), we recruited half of our participants from 15 abortion-banned states (e.g., Texas), while the other half were recruited from 8 abortion-allowed states, with no gestational limit (e.g., Minnesota).On average, it took 14 minutes for participants to complete the survey.Upon completion, each participant received a 4 USD compensation.

Data Analysis
3.5.1 Qantitative Analysis.For the quantitative analysis, we statistically modeled participants' self-reported privacy concerns toward period-tracking apps' data practices presented in vignettes.Since the possible responses to the concern question were ordinal categorical (e.g., slightly concerned, somewhat concerned), we conducted an ordinal regression analysis by constructing a cumulative link mixed model (CLMM).We selected a mixed model as our survey had a repeated-measure design, where each participant was asked the same question about their level of concern regarding four vignettes.To count for potential within-participants data dependencies, we constructed a mixed regression model with random intercept (CLMM).
Using the Akaike Information Criterion (AIC) as the metric for the model's goodness of ft, we performed model selection with forward addition.For the model selection, we considered the four scenario factors (Table 1), the order in which we presented the scenarios (Scenario Order), the demographic factors, and the frstorder interaction terms.
For each factor, we selected one level as the baseline.For example, for User Control, we selected None as the baseline.It is important to note that any level of each factor can be selected as the factor's baseline, and the selection of baseline does not have any impact on the relative importance of the levels of factors.Table 3 shows the explanatory variables that we included in the fnal regression model after the AIC model selection process.
In the following, we provide details regarding the CLMM we employ for inference.Consider the ℎ participant in our survey, .Concern levels for the ℎ app sees can be represented as , ∈ {1, 2, 3, 4, 5}.For ∈ {1, 2, 3, 4}, the probability that the concern level of is at most is modeled as where (•) is the sigmoid function, |+1 is the threshold parameter between the class and + 1 determined by the model, and is the random efect modeled as a Gaussian with zero mean and constant variance 2 ˆ is the model's estimates for ( 1 , . . ., ), and . is the observed demographic and app attribute data for participant .

Qalitative Analysis.
For open-ended survey questions, we conducted a qualitative content analysis [103].One of the authors frst annotated and coded 20 responses (10% of our total responses).According to the annotations, the author constructed a codebook to analyze the remaining responses.Two researchers independently applied the codebook to the responses and iteratively revised the codebook through several meetings.After resolving the coding discrepancies and disagreements, we reached a Cohen's Kappa intercoder agreement of 87.5%, which is considered "almost perfect" [19].The resulting codebook contains 10 main codes, 55 sub-codes, 101 sub-sub-codes, and 9 sub-sub-sub-codes.The fnal codebook is available in Appendix B.

Ethics and Positionality
3.6.1 Ethical Statement.The study has been approved by the university's Institutional Review Board (IRB).In addition, prior to the start of the survey, each participant was informed of the study procedure, risks, compensation, confdentiality, voluntariness, and rights to contact.All participants read and agreed to our terms before participation.

Positionality Statement.
In qualitative research with respect to marginalized groups such as women, it is crucial to clarify researchers' positions in society and their identities [104].Researchers' positionalities such as class, gender, and race could invariably impact the research process and outcomes [40,91].In this work, four out of fve authors are cisgender females, and three of us were located in the US when conducting the research, making most of us part of the same marginalized group described in this study, i.e., women in the post Roe v. Wade US.Therefore, our identities and personal experiences informed the design of the survey questions that our participants could relate to.Additionally, when conducting the qualitative analysis, our identities helped us resonate with participants' privacy concerns.

Limitations
Our study employed a vignette-based approach to understand how diferent privacy practices of period-tracking apps may impact individuals' privacy concerns, attitudes, and practices.To limit the survey length for response quality, we only tested a limited range of  The political afliations of the people who selected 'other' are either 'anarchist', 'green', 'leftist', or 'Marxist-Leninist.'In the Race and Degree columns, the numbers in parentheses show the US average for women, according to census data from 2022 and 2023 [21,22].In the Political Afliation column, the numbers in parentheses show the US average for women, according to Pew Research Center data from 2020 [25].
data practices identifed by prior work to impact users' privacy attitudes and concerns.Future work could expand the factors and their levels to evaluate more period-tracking scenarios, such as sharing period-tracking data for analytics and academic purposes [106].
In addition, while vignettes help isolate specifc factors and their levels, it should be noted that they may not fully illustrate the complexity of real-life behaviors.Thus, participants' reactions to these scenarios might difer from their real-life actions.To make the scenarios as realistic as possible, we included privacy factors and levels similar to data practices of period-tracking apps.In addition, we included participants' free texts in our in-depth qualitative analysis to better refect participants' lived experiences [74].
While most period-tracking app users are female, we acknowledge that other populations use period-tracking apps, e.g., male partners [87,118].Partners' use of period-tracking apps, such as for intimate surveillance [118], supporting their female partners [3,54], and increasing chances of conceiving [82], may violate women's privacy by disclosing their reproductive information without women's knowledge or permission, i.e., interdependent privacy (IDP) violations [87].In this study, we focused on how period-tracking apps are approached by users who use such apps for their own reproductive health [78].Therefore, we only recruited female participants.However, considering the potential existence of IDP violations in period-tracking apps, we encourage future work to investigate other users' (e.g., partners) perspectives, especially if their app activity would put women at risk.
Participants were recruited through the Prolifc platform, which may introduce biases relating to the characteristics of its users.In addition, our participants are not entirely representative of the U.S. population.For instance, only 4.9% of our participants identifed as Black or African American alone, compared to the U.S. Census estimate of 13.6%.Those identifying as Hispanic or Latino only constituted 2.7% of our sample (U.S. Census reports 19.1%).

RESULTS
We initially recruited 200 participants from the Prolifc platform, who identifed themselves as women.In our survey, we presented four randomly selected vignettes to each participant.For each scenario, we asked one attention-check question to assess participants' understanding of the data practices described in the scenario (Section 3.2.3).In data analysis, we excluded participants who (1) got at least 3 attention-check questions wrong, (2) did not give full consent, or (3) were not in completely abortion-allowed or banned states (e.g., Virginia).As a result, we removed 17 responses.We report our fndings from 183 participants.The average age of our participants was 39 years old.We recruited a balanced sample of participants who live in states where abortion is banned (87/183, 48%) and states where abortion is legal with no gestational limit (94/183, 51%).We summarize our participants' demographic information in Table 2. Complete demographic information can be found in the Appendix C. Note that participants were able to select multiple answers; thus the sum of participants in the fgure may not sum up to 183.Among the 3 participants who indicated using an alternative period-tracking method, one reported relying on an IUD, the others reported keeping mental notes of period dates or using the notepad app on a computer.
Period-tracking apps are the most common tool to track upcoming periods.67% of our survey participants (123/183) reported that they are currently tracking their periods or have previously tracked their periods.The predominant choice for about 51% of our participants (94/183) to track their periods was using period-tracking apps, mainly Flo, Period Tracker Period Calendar, Apple Cycle Tracking, and Clue.Other frequently mentioned methods were using a paper diary or calendar (58/183, 32%) and using birth control pills (49/183, 27%).Preparing for upcoming periods emerged as the most common purpose for using a period-tracking app (81/183, 44%).Other commonly mentioned purposes included becoming aware of how the body is doing (40/183, 22%) and tracking fertility (35/183, 19%).
Desire to download period-tracking apps varies depending on who is recommending.We asked participants to rate their likeliness of downloading a period-tracking app recommended by diferent stakeholders (Table 2).82% of participants (150/183) reported being not at all likely to trust an app recommended by government and law enforcement ofcers.Similarly, most participants were not likely to download a period-tracking app recommended by their employers (137/183, 75%) or insurance companies (99/183, 54%).However, 74% of our participants (136/183) were at least somewhat likely to accept the app recommendations from healthcare professionals.Likewise, 53% of participants (98/183) showed at least some receptiveness to downloading an app recommended by family members.Interestingly, participants showed relatively low receptivity to downloading an app recommended by romantic partners, as 39% (72/183) reported to be not at all likely to do so.

Factors That Infuence Privacy Concerns
Toward Period Tracking (RQ1) We asked participants to rate their concerns regarding using various period-tracking methods.Notably, they were most concerned by the privacy implications of posting on social media about fertilityrelated topics.Using period-tracking apps either on a wearable device, a personal computer/tablet, or a phone generated similar levels of concern, indicating that the choice of devices did not signifcantly impact their privacy concerns (-value > 0.05).
Participants showed relatively lower levels of concern regarding the privacy implications of searching for period-tracking-related information online or engaging in discussions through communication platforms (e.g., WhatsApp).This observation is noteworthy, especially considering that it is the strategy law enforcement currently relies on to criminalize abortion seekers [57].Full results are shown in Figure 3.
To gain deeper insights into the specifc data and privacy practices contributing to participants' privacy concerns, each participant was presented with four randomly selected period-tracking app scenarios.Based on the Akaike Information Criterion (AIC) of the CLMM regression model, the party with whom the data is being shared with (Data Sharing) was the most important factor   Ratings. PTA here refers to period-tracking apps, while PTT refers to period-tracking and fertility topics.
to explain participants' privacy concerns.The second most important factor was the type of controls users have regarding their data (User Control).The type of data collected by period-tracking apps (Collected Data) was the third most impactful factor, and where the collected data is being stored in (Data Storage) was the least important factor in explaining participants' level of privacy concerns toward period-tracking apps.In the remainder of this section, we describe the surfaced themes.When providing a quote from our participants, we include the state where participants live and indicate whether the state legalizes abortion or not using B (banned) and L (legal), e.g., Minnesota, L.
Data being shared with law enforcement is most concerning.Compared to data not being shared with any parties, participants were most concerned about data being shared with government and law enforcement ofcers (row 7: estimate = 4.54, -value < 0.001).Data being shared with law enforcement ofcers signifcantly increased participants' level of privacy concerns even when the described period-tracking apps ofered the control to the user to delete their collected data (row 21: estimate = 1.75, -value < 0.05).When asked to specify the reasons for the level of concern, 37% of participants (67/183) indicated that they perceived their personal data being shared with government and law enforcement ofcers "unacceptable," especially when it comes to data as sensitive as menstrual cycle data.33% of participants (22/67) added that they were confused about why law enforcement ofcers would need menstrual cycle data.P38 said: Sharing personal information of this nature with law enforcement is unnecessary, not to mention incredibly wrong.(Alabama, B) According to P38, the confusion caused by unnecessary data sharing led to their distrust of the app.Importantly, app companies should earn more users' trust by restricting their data sharing with unnecessary third parties that do not directly beneft users' goals of using period-tracking apps.
Besides the lack of necessity, another expressed concern for sharing data with law enforcement was due to "the current political climate in the US." Notably, only 8% of participants (14/183) attributed their privacy concerns to the overturn of Roe v. Wade.P110, who terminated the use of period-tracking apps indefnitely, mentioned: I decided last year, after the overturn of Roe v. Wade, to quit tracking my data completely and decided never Table 3: CLMM regression model to describe how various scenario factors impact participants' level of privacy concerns toward period-tracking data collection and use.Each row corresponds to a single factor and shows the resulting model estimate, i.e., the coefcient, for that factor.The odds ratios are ranked in descending order according to their efect size, represented by the magnitude of the model coefcients ().A positive estimate for a factor-level (e.g., Collected Data: Intimacy Data) implies that transitioning from the baseline of the corresponding factor (e.g., Menstrual Cycle Data) to that level of the factor (e.g., Intimacy Data) would increase the perceived level of concern.A negative estimate refects the opposite of this trend.In addition, we included the AIC value for the model, which represents the model's goodness of ft.
to reuse any tracking apps.The safety and reproductive freedoms in the US are simply too uncertain and dangerous, and although I trust Planned Parenthood, I don't trust the government or some other apps and I am uneasy about my data ever getting shared with anyone or anything else.(Minnesota, L) Since participants saw period-tracking app-related questions before we gave them the context of the overturn of Roe v. Wade as described in Section 3.2.3,we did not prime participants with the infuence of Roe v. Wade.As a result, to some extent, the low percentage of overturn-related responses speaks to the general unawareness of the association between period-tracking apps and the overturn of Roe v. Wade among participants.
Concerns toward potential harms caused by third parties accessing period-tracking apps' data.Third parties were the second most concerning stakeholder to have access to the periodtracking data (row 8: estimate = 3.29, -value < 0.001).31% of participants (57/183) mentioned that they were concerned about how third parties including advertisers and insurance companies could use the period-tracking apps' data against them.P116, who reported to be strongly concerned about data being accessed by insurance companies, said: I suppose some companies and entities could use your negative health history in negative ways like insurance companies charging more because of preexisting conditions.(Oregon, L) With that said, concerns toward third parties can be more persistent than other concerns due to commercial profts.As participants like P116 strongly suspected third parties would beneft hugely from users' period-tracking data, it would be harder for app companies to dispel users' doubts, even with opt-out guaranteed.P105 mentioned: This app does say they will not share my data with anyone, but I wonder if any of my information may be shared without my knowledge.(New Mexico, L) Similar to P105, 11% of participants (21/183) explicitly said that app companies might still share their data despite opt-out.Consequently, app companies must put in more efort to convince users of the efectiveness of their data protection practices instead of simply giving users an opt-out option without further and valid illustrations.
Privacy calculus in data sharing with health professionals.The second least concerning type of data-sharing stakeholder was healthcare providers (row 9: estimate = 2.0, -value < 0.01).10% of participants (19/183) stated healthcare professionals having access to be benefcial for their health goals.P36 mentioned: If the only one shared with was my own doctor, then it would probably be a good app to have, as it helps keep your doctor included in your health goals.(Wisconsin, B) In essence, when participants' needs for such healthcare goals outweigh their privacy concerns, they prefer sharing data, indicating the existence of privacy calculus [46,105] in period-tracking app usage.However, compared to data not being shared with anyone, 9% of participants (17/183) were still signifcantly concerned (row 9: estimate = 7.37, -value < 0.01) about their data being shared with healthcare providers, even if they were being ofered the option to delete collected data (row 20: estimate = 2.84, -value < 0.001).Among these participants, fve explicitly mentioned their desire to have more control over specifc types of data to be shared with health professionals.Hence, a granular sharing setting is important in respecting users' diferent privacy calculus perceptions (detailed in Section 5.3).
Participants are least concerned when data is being shared within the app company only, despite some reservations.In comparison, participants were least concerned about sharing data with the app company only (row 10: estimate = 1.52, -value < 0.01).However, in qualitative responses, participants still demonstrated concerns about data sharing with app companies.19% of participants (34/183) mentioned concerns toward app companies' data security practices.P30 mentioned: My personal health information and intimacy details are exposed in public or private research app companies.I would be worried if my health personal information were misused or in the event of hacking instances, I would become a victim.(Texas, B) When it comes to highly sensitive and risky data, users expect more security for app companies' data storage, preventing events such as hacking.However, as prior work noted, users' sensitive information stored in mHealth apps could be easily leaked through network trafc or log messages without being encrypted [56].
In addition to security practices, some participants (6/183, 3%) were concerned about app companies updating their data practices without notifying users.P7 reported: Their policy to share that data outside of the company could change and I would at the very least like to be informed about that and have the option to delete it.(Indiana, B) Limited user control decreases trust toward period-tracking app companies' claimed practices.Users' control over their period-tracking apps' data (User Control) was the second most efective factor in explaining participants' level of privacy concerns with the apps.The regression results showed that compared to having no control, participants' privacy concerns' signifcantly dropped when being presented with an option to control their data (Table 3).Compared to data-sharing opt-out options, the data-deletion option was more efective in decreasing participants' privacy concerns (row 5: estimate = −2.52,-value < 0.01).
Participants who expressed concerns about not having any type of control over their period-tracking apps' data reported that such lack of control would severely impact their trust toward the apps' companies and their claimed data practices (e.g., not sharing users' data with third parties).P36 mentioned: If you have no user control over your data, how do you know that it is being used ONLY as it says?(Wisconsin, B) Consequently, for users like P36, having more data control means more insights into whether app companies' claimed policies match their practices.Therefore, we suggest increasing users' control to improve the data transparency of period-tracking apps, leading to more users' trust.
Participants were generally less concerned about apps that allowed data deletion.However, if apps shared data with healthcare providers or law enforcement, data deletion no longer reduced concern about the app, as indicated by the observed interaction efect (see rows 20, 21: estimates = 2.84, 1.75; -values < 0.001, 0.05 respectively, Table 3).
Collecting location data is concerning as it is not relevant to apps' main functionality.Among the fve tested levels of data type collected by period-tracking apps (Collected Data), participants perceived the collection of users' location to be most concerning (row 1: estimate = 1.72, -value < 0.001).In their open-ended responses, participants most frequently (49/183, 27%) mentioned that the period-tracking apps' primary functionality should not rely on users' location and, therefore, such data collection is irrelevant and should not happen.This fnding echoes an earlier fnding regarding users' concern toward data sharing with unnecessary and irrelevant stakeholders such as law enforcement.
Intimacy and mental health data are perceived as highly personal and not required for period tracking.Our participants were signifcantly concerned about the collection of intimacy (row 2: estimate = 1.66, -value < 0.001) and mental health data (row 3: estimate = 0.839, -value < 0.01).26% of participants (47/183) found such information to be highly personal and were concerned about this data being accessed by others.P107 noted: Intimacy data is one of the most private parts of a person.There's always a potential mishap of leaked information.(New Jersey, L) Lack of perceived relevancy to period tracking was again a commonly mentioned reason (12/47, 26%) as to why participants were signifcantly concerned about the collection of intimacy and mental health data.P110 said: For intimacy data, I don't feel that it is needed to have to track that.What about it is applicable to menstrual health?(Minnesota, L) Least concerns toward the collection of menstrual data only.Compared to the tested levels of collected data, our participants perceived the lowest privacy concerns toward menstrual data to be collected by period-tracking apps, mainly due to its importance and relevancy for period tracking.P112 reported: The app's limited scope, focusing solely on menstrual cycle tracking, may lead users to believe that the data collected is used solely for the intended purpose without extensive profling or analysis.(New Jersey, L) By now, we have seen participants commonly against irrelevant and unnecessary data collection (location, intimacy, and mental health data) and sharing (with law enforcement).These fndings suggest that users' concern toward period-tracking apps is closely tied to the relevance between data practices and main functionality (detailed in Section 5).
Political party and level of education show a signifcant association with perceived privacy concerns.Our results showed that women identifying as Republicans tended to be signifcantly more concerned about period-tracking apps' data practices compared to their Democratic counterparts (row 16: estimate = 1.11, -value < 0.05).Half of participants who identifed themselves as Republicans were living in states where abortion was banned.Such a higher level of concern toward period-tracking apps' privacy practices might be attributed to the legal landscape of their states.
In addition to participants' political party, there was a signifcant connection between the level of education and participants' reported privacy concerns toward period-tracking apps' data practices.Notably, compared to those having no degree, our participants who reported having a Bachelor's degree were signifcantly more concerned about period-tracking apps' data practices (row 13: estimate = 1.36, -value < 0.01).

Privacy And Risk Mitigation Practices
Toward Period-Tracking Apps (RQ1) Usability and privacy concerns were the primary reasons to delete or switch period-tracking apps.We surfaced several reasons for why some participants (56/183, 31%) switched their period-tracking apps or stopped using them.The most common reasons (30/56, 54%) were the perceived lack of convenience and usability.P110 explained: I was using the Spot On period-tracking/birth control pill monitoring app by Planned Parenthood up until about 2018-2019.I initially stopped using it because it became high maintenance to remember to log my data every day.(Minnesota, L) Following the poor usability, privacy concerns were the second most mentioned reason (12/59, 20%).Among them, 42% of responses (5/12) specifed the overturn of Roe v. Wade as the main reason to stop using period-tracking apps or switch to a more privacyprotective app.P102 mentioned: I think there was one called Flo.I decided to stop using the apps and switched to Apple Health for tracking when Roe v. Wade was overturned.(Colorado, L) Notably, looking at the fact that only 8% of all participants attributed their concern to the overturn of Roe v. Wade (Section 4.2), the proportion of participants who stopped using period-tracking apps due to the overturn was even lower (5/183, 3%).This may suggest that the overturn of Roe v. Wade has played a limited role in female users' privacy concerns and practices toward period-tracking apps.
Only a few participants took steps to mitigate their privacy concerns.Among our participants who expressed concerns toward period-tracking apps' data practices, only 9% (16/183) reported taking steps to manage their privacy concerns.Deleting the periodtracking apps was the most commonly used strategy to mitigate privacy concerns (6/16, 38%).Another practice that 31% of participants (5/16) mentioned was to seek information about the apps' data practices.P110 reported: I have taken the steps of reading an in-depth explanation of the app's security and sharing practices.In the example of the Spot On app, I read their privacy policy cover to cover and ensured that they would not share data.(Minnesota, L) 91% of our participants (167/183), however, mentioned that they had never used any mitigation strategies, mainly due to their lack of privacy knowledge and awareness.P127 mentioned: I have not yet done this as I was unsure how to proceed with this, and I did not know if these steps would be successful.(New Jersey, L) 13% of participants (2/16) reported that despite their concerns, they still had to use the app for health purposes.P11 said: I am not too concerned.I need to keep track of my cycles because I literally can't function on day 2 and 3. (Texas, B) 13% of participants (2/16), who lived in states where abortion was legal, reported that they felt safe and, therefore did not feel the need to take any further steps.P123 mentioned: I live in a state in which I feel safer about my reproductive health options; I do not feel scared that my data would impede my ability to get the care I need.(Minnesota, L) In summary, echoing prior work [78], most participants did not do anything other than delete their apps.In addition, we found that for the majority of participants who did not have any mitigation practices, feeling uninformed, dependence on the app functionality, and living in abortion-legal states were the primary reasons.

Privacy Attitudes And Awareness Toward
The Overturn Of Roe v. Wade (RQ2) We asked participants about their familiarity with the overturn of Roe v. Wade and its impact on their privacy perceptions and practices of period-tracking apps.Concerns toward potential privacy implications of the overturn of Roe v. Wade.Almost all participants reported to be at least slightly familiar with the overturn of Roe v. Wade.For 60% of participants (110/183), the overturn impacted their perceived concerns toward data practices of period-tracking apps (Figure 4).These participants expressed concerns about the potential consequences of period tracking.They suspected the data from period-tracking apps could be used to detect abortion and even criminalize users accordingly.7% of those (8/110) mentioned in their open-ended responses that they had never thought about the potential privacy implications of the overturn before taking the survey, expressing appreciation to our study for raising their privacy awareness.
Our quantitative results showed that those who reported that the overturn impacted their privacy concerns indeed perceived signifcantly higher concerns (-value < 0.05) toward data practices of the presented period-tracking app scenarios.48% of those participants (53/110) predicted that the overturn would increase the chances for law enforcement to track individuals.P75 said: If they are tightening abortion laws and basically making it illegal (I live in the South), then they are going to start looking at our data.(Texas, B) Among these participants, 17% of them (9/53) expected an increase in using period-tracking apps in case of need for abortions post the overturn.P9 mentioned: If access to safe and legal abortions becomes restricted or limited, individuals might rely more heavily on period-tracking apps to monitor their reproductive health.This could increase the amount of sensitive and personal health data shared with these apps.(Tennessee, B) For 38% of participants (70/183) who perceived minimum or no privacy impact of the overturn of Roe v. Wade, they explained that they could not envision how the shared data would impact them in practice.P18 reported: I never thought that the overturn would cause law enforcement or healthcare providers to require app companies to share period-tracking data with them.
But even if so, I'm not sure how it will impact the users since usually you just mark your starting date, mood, weight, etc. (Washington, L) In summary, after participants were explicitly asked about the infuence post the overturn of Roe v. Wade, most participants indicated their perceived huge infuence.This may suggest that users' privacy concerns toward the overturn exist but have not yet been contextualized in their period-tracking app usage (detailed in Section 5.1).

Privacy Expectations Toward
Period-Tracking Apps (RQ3) We asked participants what privacy features they would like to have in period-tracking apps.In addition, we asked them who they believe is most responsible for protecting their period-tracking apps' data privacy and how.

Desired Privacy Features
In Period-Tracking Apps: Usable Controls, Encryption, Granularity, And Anonymization.Collectively, our participants have expressed interest in features that can empower them with more data control, encryption, granularity, and anonymization.Among these features, more usable controls (e.g., data-deletion settings) were mentioned most (16/62, 26%).Having end-to-end encryption was the second most frequently requested feature (12/62, 19%).P24 mentioned: I wish there was an option to have the data be end-toend encrypted so that not even the company knows the details of what I'm sharing with the app.(Texas, B) For participants like P24, end-to-end encryption features would allow users to have more autonomy over their interactions with the apps.Having granular permission settings for data access was another feature our participants requested for more data control (9/62, 15%).P9 explained: Allowing users to customize permissions for diferent aspects of the app, like sharing data with other users or health professionals, could provide more control over their information (Tennessee, B).
From participants' qualitative responses, we can see diferent participants showed diferent receptivity to health professionals' having access to period-tracking data.They also had diferent perceptions of what types of information could be shared with health professionals.Therefore, a granular permission setting can help people with diferent privacy preferences better customize their choices, increasing users' autonomy over their data.In addition, 6% of participants (4/62) mentioned data anonymization as their desired privacy feature in period-tracking apps.These participants wanted their data to be anonymized before data collection and sharing.

Stakeholders Who Are Responsible
To Protect Period-Tracking Apps' Data.In response to the multiple-choice questions regarding perceived stakeholders, 87% of participants (159/183) considered app developers to be most responsible for protecting their periodtracking apps' data privacy.Notably, participants' primary concern well aligns with what has been suggested in prior work [106] developers perceive reproductive data as "simply another piece of data rather than health data that is sensitive in nature" [106].In addition, 49% of participants (90/183) perceived users as most responsible for protecting their own privacy.48% (87/183) indicated mobile app store companies (e.g., Apple, Google) to be responsible, and 18% (33/183) attributed the responsibility to the government.
Call for app companies to improve the transparency of their privacy and security practices.In qualitative responses, participants who perceived the period-tracking app companies to be most responsible (146/183, 80%) requested the companies to 1) let users have more control over data deletion and sharing (80/183, 44%), 2) make privacy policies and user agreements transparent, simple, and straightforward (49/183, 27%), and 3) make sure the data is safe from law enforcement (11/183, 6%).
In particular, participants who expected more transparency (36/14 6, 25%) reported that they would most like to know about 1) the purposes of data usage (12/36, 33%), 2) whenever their data is being shared and with whom it is shared (12/36, 33%), 3) the benefts and risks of data sharing (7/36, 19%), 4) the types of controls that are available to users (3/36, 8%), 5) and the possibility of data recovery after deletion (2/36, 6%).For instance, P110 was interested in having easy access to information about data practices of period-tracking apps: I like to know if my data is being shared, and if so, where it is being shared.I'd also like to know how permanent my data is-as in, if I delete it, will it be permanently deleted or can it be recovered via some sort of hard drive of data kept by the app developer?(Minnesota, L) P110's response covered many types of data transparency that are currently largely unavailable to users of period-tracking apps [4,117].For participants, data transparency is particularly important in the current political climate in the US.Hence, it is worth noting that eleven participants explicitly requested data safety from law enforcement.In better protecting users' reproductive privacy from law enforcement, we propose technology-based recommendations in Section 5.
Call for enhancing privacy law regulations.Participants (37/183, 20%) requested law sectors to enhance privacy regulations and protect users' data in period-tracking apps.P110 noted: I want to see a law passed that protects the privacy of all users of these apps AND their data.I also want to see that law upheld and not challenged by the courts.I think it is an infringement on our freedoms and privacy and should already be protected by amendments, but it isn't always.(Minnesota, L) P110 emphasized law enforcement's role in ensuring their reproductive data can be unconditionally protected while acknowledging the reality, i.e., reproductive data is not always protected by amendments.Participants like P110 were correct, as reproductive data protections are poorly defned under several major legal frameworks in the US and beyond, e.g., HIPAA (US) [102], GDPR (EU) [79], MHRA (UK) [80].In improving the efectiveness of law regulations for reproductive data, we propose policy-based recommendations in Section 5.
In summary, according to participants, there are many responsibilities to be fulflled by app companies and law enforcement.Thus, a multi-stakeholder ecosystem must be established for more privacy support for female users of period-tracking apps, as their functionality still remains essential for some users (Section 4.3).In the next section, we will propose more actionable recommendations.

DISCUSSION
In brief, our fndings highlight that among the tested data practices, the set of parties with whom the data is being shared was the most efective factor in impacting participants' privacy concerns toward period-tracking apps.More specifcally, sharing with law enforcement was most concerning to participants (RQ1).Despite expressing signifcant concerns about the data practices of periodtracking apps, very few participants felt sufciently empowered to take action beyond deleting the apps (RQ1).Our results showed that although most participants were familiar with the overturn of Roe v. Wade, they lacked sufcient awareness of how such an overturn might impact their reproductive privacy (RQ2).To protect their privacy, participants called for app companies and law enforcement to enhance their privacy practices and regulations (RQ3).In this section, we frst discuss how our work extends the prior work in this area.With the key takeaways summarized, we then propose actionable recommendations grounded in our fndings and related work.

(Re)contextualizing Women's Privacy
Concerns Toward Period-Tracking Apps Post Roe v. Wade Extensive prior work has discussed people's privacy perceptions and attitudes toward mHealth applications [45,56,88,124], suggesting that people generally have concerns toward mHealth applications, especially when the applications collect sensitive health data [1,80].Building on this strand of work, our work has focused on women's privacy perceptions and attitudes toward their periodtracking data.However, in contrast to prior work, we focused on whether and how the changing landscape around abortion laws in the US has changed women's privacy perceptions, attitudes, and practices.Without being explicitly asked about the overturn of Roe v. Wade, only 8% of our participants reported becoming more concerned about the data practices of their period-tracking apps due to the overturn (Section 4.2).This suggests that the majority of participants were not aware of the privacy implications of the overturn for their period-tracking practices.
Before being reminded about the overturn of Roe v. Wade, our participants' privacy concerns and attitudes were similar to the prior work focused on non-US users of FemTech (e.g., period-and fertility-tracking apps) [1,11,58,80].For instance, a 2023 UK-based study [80] found that FemTech users expressed concerns toward data sharing and users were generally unaware of their legal rights and technological privacy-enhancing protections.
We observed similar trends in our participants' privacy attitudes and practices.However, compared to the UK, where abortion is generally legal within the frst 24 weeks of pregnancy [2], women's reproductive rights in the US have constantly been worsening since the overturn [119].Even when being directly asked about the overturn of Roe v. Wade, about 40% of participants still reported that the overturn had no impact on their period-tracking practices (Section 4.4).38% of participants mentioned that they could not imagine how period-tracking apps share their data with law enforcement (Section 4.4).However, we have already seen cases where abortionseeking women had been prosecuted for their access history to an abortion-related website, evidenced by US law enforcement [128].
Our fndings suggest that due to a lack of risk awareness in the post Roe v. Wade context, women may still compromise their reproductive privacy to use such technologies.We argue an imperative need to contextualize women's privacy concerns toward period-tracking apps post Roe v. Wade.To help improve women's privacy awareness in the context of the overturn, we further provide actionable recommendations in Section 5.3.

Defning "Necessary" Data Practices and Data Safety from Governments
One prominent fnding in our study is that participants expressed great concerns toward data practices whenever they were "unnecessary" and "irrelevant" to period tracking.For example, in participants' qualitative responses, the collection and/or sharing of non-menstrual cycle data (location, mental health, and intimacy data) with other parties, including third parties and law enforcement, were largely concerning (Section 4.2).Similarly, in another FemTech privacy study, participants urged apps not to require irrelevant information when signing up, such as home addresses [80].
As prior work has pointed out, reproductive health data has not been explicitly covered or defned in many major legal frameworks worldwide [43,79,80,102], including HIPAA (US) [102], GDPR (EU) [79], and MHRA (UK) [80].Moreover, Mehrnezhad et al. [79] evaluated the privacy notices and tracking practices of 30 top fertility-tracking apps, suggesting that these apps' indiference to users' privacy in their policies and data practices has been poorly regulated or defned by GDPR.
In the US, policy-based eforts have been made since the overturn, but we argue that these eforts still entail further improvement in defning "necessary" data practices.Since the overturn of Roe v. Wade, some policies have been released, particularly in response to the reproductive privacy crisis, including the My Body, My Data (MBMD) Act in 2022 [29] and My Health, My Data (MHMD) Act in 2023 [113].In response to the gap of period-tracking data not being covered by HIPAA, the MBMD Act [29] aimed to control the sharing and sale of reproductive health data to third parties "except as is strictly necessary to provide a product or service."However, there is no defnition or any information regarding what exactly could be considered as "strictly necessary."Theoretically, an app could still argue the necessity of providing the data for governments if requested.
Hence, another imperative problem with this Act lies in its oversight of law enforcement as a potential data-sharing party.Considering the worsening landscape around abortion laws, participants in our study expressed concerns about data sharing with law enforcement (Section 4.4).As requested by our participants, periodtracking app companies should make sure their data is safe from law enforcement (Section 4.5.2).However, in this Act, we found no information on how app companies should handle users' data when law enforcement requests it.In response to this alarming gap, we further provide recommendations in Section 5.3.

Calling For Privacy-Enhancing
Technologies, Policies, and Education Having discussed the imperative need to recontextualize women's privacy awareness and defne necessary data practices post the overturn of Roe v. Wade, we now provide more concrete directions for privacy-enhancing technologies, policies, and education.
Technologies: Increasing data transparency, user control, and protections from law enforcement.Participants in our study called for app companies to enhance data transparency, user control, and protections from law enforcement (Section 4.5.2).Prior work has shown concerning facts about the data transparency of mHealth and period-tracking apps [3,79,117], including missing privacy policies [3,117] and privacy-related content in their policies [79].Besides privacy policies, another existing data transparency mechanism is privacy nutrition labels, which draw from the physical metaphor of food nutrition labels to enhance people's privacy awareness [34,[36][37][38]68].Hence, our frst recommendation is to enhance the data transparency of period-tracking apps by referencing existing mechanisms, as mentioned above.In particular, when using existing data transparency mechanisms for periodtracking apps, it is worth taking relevant legal frameworks into account, especially the newly-released MBMD and MBMH Acts as mentioned in Section 5.2.Avoiding ambiguity when demonstrating the regulations in the policy is critical [79], such as defning what would happen if law enforcement requests data.Notably, participants in our study mentioned they had trust problems with period-tracking apps' policies because selling health data to third parties such as insurance companies was perceived as hugely proftable (Section 4.2).To enhance the credibility of data transparency mechanisms, we argue that more user control is needed.
Having more user control would also be benefcial for users with diverse privacy attitudes toward diferent data types and datasharing parties (e.g., health professionals) (Section 4.5.2).Hence, we suggest adding user control settings with wide choices and high granularity.We also emphasize that app companies must go beyond simply ofering more user control settings.They should prioritize making these settings accessible and straightforward.For example, it is recommended to avoid the pitfalls of the privacy communication game [20], a strategy where apps superfcially enhance privacy controls but intentionally design them to be complex or unclear.
Considering the potential data request by law enforcement post Roe v. Wade, we also suggest companies make it clear how they plan to handle data requests by law enforcement.As mentioned by participants, they would like their data to be anonymized before data collection (Section 4.5.2).Therefore, in protecting users from potential prosecution, it is worth considering not requiring users to input any personally identifable information when signing up.For instance, apps can ofer the users an option to use pseudonyms or not require an account for usage at all.
Policies: More considerations for potential conficts with law enforcement and anonymization.As we have seen from the newly-released MBMD Act [29], data protection from law enforcement has not been defned yet.In future policies regarding data privacy of period-tracking apps, we recommend three considerations.First, policies should clearly specify if law enforcement can request access to reproductive health data from companies.This is particularly critical considering some of our participants expressed a lack of concern toward the overturn of Roe v. Wade, primarily because they perceived it unrealistic for law enforcement ofcers to have access to their period-tracking data (Section 4.4).Additionally, if law enforcement is likely to have data access, companies should be required to inform users in advance.
Education: Enhancing public awareness through the press and K12 curriculum.Since the overturn of Roe v. Wade, the number of articles about the dangers of women's mHealth apps has risen [32].However, as we have seen from our participants' responses (Section 4.2) and our discussion regarding the recontextualization of women's privacy concerns post the overturn of Roe v. Wade (Section 5.1), more education eforts might be needed from the press and schools.The press is responsible for educating the public about the consequences of any unwary use of period-tracking apps, such as prosecution [65,128].In addition, schools could consider incorporating period-tracking app usage post the overturn of Roe v. Wade into their sex education or menstrual-related curricula.

CONCLUSION
Period-tracking apps track and collect a wide range of highly sensitive data, including women's menstrual cycle, pregnancy, sex life, location data, etc.The privacy concerns of period-tracking apps have been aggravated since the overturn of Roe v. Wade, which took away the constitutional right to abortion and led to diverse abortion laws across diferent states in the US.Given the current context, it is crucial to understand women's privacy perceptions and practices toward period-tracking apps.Moreover, how much knowledge and awareness women have about the impact of the overturn on their reproductive privacy is also a critical question to investigate in support of reproductive justice.In this study, we conducted a vignette survey study with 183 female participants in the US, who were evenly distributed in abortion-allowed and banned states.Our fndings suggest that participants generally lacked awareness and information about period-tracking apps' data practices in the post Roe v. Wade era, despite showing privacy concerns.To better raise women's reproductive privacy awareness and empower them with more privacy-enhancing actions, we provide several actionable recommendations for diferent stakeholders.
-Yes -No If "Yes" is selected -Please explain what changes you have applied to your period tracking habits due to the overturn of Roe v. Wade.If "No" is selected -Please explain why you have not applied any changes to your period tracking habits due to the overturn of Roe v. Wade.

Figure 1 :
Figure1: Distribution of participants by period-tracking tool used.Note that participants were able to select multiple answers; thus the sum of participants in the fgure may not sum up to 183.Among the 3 participants who indicated using an alternative period-tracking method, one reported relying on an IUD, the others reported keeping mental notes of period dates or using the notepad app on a computer.

Figure 2 :
Figure 2: Distribution of downloading a period-tracking app based on diferent stakeholders' recommendations.Ordered by 'Extremely likely' Ratings.

Figure 3 :
Figure3: Distribution of privacy concern levels towards different period tracking practices.Ordered by 'Very concerned' Ratings.PTA here refers to period-tracking apps, while PTT refers to period-tracking and fertility topics.

Figure 4 :
Figure 4: Participants' (a) knowledge level of the privacy practices of their PTA, (b) familiarity with the overturn of Roe v. Wade, and (c) perceived impact on concerns toward the privacy of their PTA post the overturn of Roe v. Wade.

Table 2 :
Demographic breakdown of survey participants.Note that for race, participants were able to select multiple answers.

•
What is your age?Please leave this question blank if you are not comfortable sharing your age.• How do you describe your current gender identity?-Cisgender Female -Cisgender Male -Transgender Female -Transgender Male -Non-binary -Prefer to self-describe (please specify) -Prefer not to say • Do you identify as a member of the LGBTQ* Community?-Yes -Maybe -No -Prefer not to say • How do you describe your race or ethnic identity?(select all that apply) -American Indian or Alaskan Native -Asian -Black or African American -Hispanic or Latino, or Spanish Origin of any race -Native Hawaiian or Other Pacifc Islander -White -Prefer not to say -Other (please specify) • What is the highest degree you have earned?-No schooling completed -Nursery school -Grades 1 through 11 -12th grade-no diploma -Regular high school diploma -GED or alternative credential -Some college credit, but less than 1 year of college -1 or more years of college credit, no degree -Associate's degree (for example: AA, AS) -Bachelor's degree (for example: BA.BS) -Master's degree (for example: MA, MS, MEng, MEd, MSW, MBA) -Professional degree beyond bachelor's degree (for example: MD, DDS, DVM, LLB, JD) -Doctorate degree (for example, PhD, EdD) -Prefer not to say • What is your current marital status?

Table 4 :
Complete demographic information of our participants.