Abstract
Menstrual cycle tracking apps and their accompanying wearables, collectively known as FemTech, promise women health insights in a healthcare system that often fails to treat problems that primarily affect women. FemTech lets users map their cycles, recognize symptoms, experience non-hormonal birth control, and contribute to long-overdue research on conditions like endometriosis, PCOS, and perimenopause. But after Dobbs v. Jackson Women’s Health Organization, the same datasets that empower users have also become valuable in criminalizing abortion-related crimes. Because most FemTech privacy policies fall outside HIPAA, intimate logs of bleeding, sex, mood, and biometric signals can now be criminal evidence in states that criminalize abortion. Now, women make the choice between the health benefits of tracking and the legal risks of being tracked. Existing frameworks like HIPAA expansion proposals, FTC enforcement, or general consumer privacy bills, are inadequate. HIPAA provides an explicit exemption for actions by law enforcement, the FTC acts ex-post, and federal bandwidth is stretched too thin to police a fast-growing sector.
This paper argues for a new legal-technical architecture that embeds privacy protections directly into the datasets themselves. It proposes cryptographic “purpose tags” as a means to achieve privacy protection from law enforcement and other bad actors without sacrificing innovation in women’s health research. Cryptographic “purpose tags” are metadata that travel with a dataset and restrict its use to approved women’s health research bodies. Non-approved entities do not have the technical ‘key’ to unlock and read the datasets. The tags are machine-readable-restricting covenants: legally enforceable through contract and technically enforced through cryptographic tools like zero-knowledge proofs and secure multi-party computation. This idea has already been circulated in the medical field as a mechanism for protecting patient medical records. Coupled with a “Research-Only” certification system operated by a neutral third party, this framework shifts the burden of privacy from users to institutions and restores the possibility of a feminist data commons. By redesigning how data is generated, this approach aims to protect users from surveillance while preserving the unprecedented research potential of FemTech.
Recommended Citation
Sofia MakePeace,
PERIOD-PROOFING YOUR DATA,
21 Wash. J. L. Tech. & Arts
(2026).
Available at:
https://digitalcommons.law.uw.edu/wjlta/vol21/iss3/6
Included in
Computer Law Commons, Entertainment, Arts, and Sports Law Commons, Intellectual Property Law Commons, Internet Law Commons