Women’s health apps are more than a trend—they’re revolutionising digital health. With the market set to soar from $3.7 billion in 2023 to $9.8 billion in 2028, the potential is undeniable. But here’s the kicker: a deep dive into the top 20 Play Store apps revealed a shocking gap in data privacy, with only one app meeting standards.
To unpack this, we had a nice conversation with Anastasiya Markvarde, Senior Innovation Manager at EVERSANA and a key thought leader in this space. Dive in to see how she’s navigating these challenges and leading the charge for safer, smarter women’s health solutions.
➡️ Thanks, Anastasiya, for your time. Let’s start with a general question: what is your opinion of the market overall? Are the startups delivering the promised value?
Anastasiya Markvarde: Thanks for this great question and the opportunity to discuss this topic.
The founder of Clue coined the term FemTech in 2016 to describe a set of technologies designed to address women's health issues. At that time, it was a great step forward to define FemTech as a separate industry - shaped as a response to inefficiencies in women's healthcare.
I wouldn’t want to go too far back in history. Still, one example of how deeply these inefficiencies are rooted in our healthcare system is that there were no women doctors until the 17th and 18th centuries because women were not allowed to get trained and work as doctors. Therefore, there were no doctors who understood women's bodies. So basically, until a few centuries ago, we didn't even know the exact position and functions of the organs in women's bodies and how they work. Together with more recent examples, like the exclusion of women from clinical trials from 1977 to 1933, we ended up with a big gap in women’s health that FemTech apps are now helping to address.
In less than 10 years, the market has grown significantly: Flo, one of the well-known menstrual trackers, now claims to have 350 million users worldwide. The financial side of women’s health startups also demonstrates growth: we have around 70 unicorns in the segment by now.
➡️ How do you see the future of this market in the next few years?
Anastasiya Markvarde: I think we are moving away from just FemTech towards Women's Health. By this, I mean that the industry is evolving, and the technology solutions are becoming more sophisticated and starting to address more complex issues. For me, "Women’s Health" embraces not only apps for women-specific conditions but also approaches and solutions, making healthcare include and account for women in a broader way.
Last month, the universities of East Anglia, Sheffield, and Leeds were able to diagnose 16% more women with heart failure by fine-tuning the method to derive pressure in the heart non-invasively using an MRI scanner. Women appear to be suffering disproportionately from a type of heart failure where the pumping function of the heart is preserved, but the ability of the heart to relax is impaired. Thus, women's hearts can respond very differently to increases in pressure.
This industry evolution can also be noticed in the B2C segment: many apps that started as B2C are moving into research and clinical areas through partnerships. So, for example, we saw that Clue (a period tracker) partnered with OURA—and the University of California Berkeley to conduct a study on the impact of perimenopause on women's health.
Flo conducted a study (published in Nature Partner Journal Mental Health this January) on the effects of acute stress on pain perception in Ukrainian women suffering from the Russia-Ukraine conflict, using de-identified data from 88,000 Flo users. The study concluded that the highest stress levels were linked to lower pain sensitivity. This is the first documented real-life example of extreme stress being connected to reducing pain sensitivity, and it was also used for research.
Logically, the industry started with low-hanging fruit, with simpler things like period tracking. It has been focused on fertility for quite a while because of a particular bias: fertility is much better understood by male investors, for example, than menstrual disorders. I hope we are advancing toward research, diagnostics, and treatment for women regardless of their condition.
➡️ Do you have other interesting women’s health cases to mention?
Anastasiya Markvarde: Yeah, of course, I have plenty. As you might know, women suffer disproportionately more from autoimmune diseases. The recent Standford study revealed a research gap: usually only male chromosomes were used for research, and it went entirely unnoticed for many years that a specific molecule called Xist - that exists only in women - can generate antibodies to a woman’s tissues, which leads to the increased risk of autoimmune disease.
This example illustrates a potential target for women’s health-focused companies, including innovative and technology solutions, in the upcoming years: contribute to high-quality research that includes women and pays attention to women’s physiology.
➡️ We see these companies growing but also making mistakes regarding data privacy. What are the main mistakes you see in tech and data handling practices from companies and startups in this scenario?
Anastasiya Markvarde: FemTech apps are not so different from other health apps. We all heard the case of Flo, who is suspected to have been sharing women's health data and cycles to Facebook through SDK. Flo never acknowledged data misuse, but in 2019, they settled a deal with FTC in the US. However, in Canada, the class action lawsuit is still being filed.
Looking at the recent study by King’s College London and University College London analysed 20 of the most popular women's health apps in the Play Store. After different tests, the researchers concluded that only one app was not violating any data privacy policy - unfortunately, this is still possible in the B2C space. We should call for much higher data privacy standards in the women’s health and digital health industry in general.
Jovan Stevovic: I agree with Anastasiya that those apps resulted from low-hanging fruit in the B2C market. Great entrepreneurs had an idea, implemented it, and tested it fast in a non-regulated market. Some of them chose a very strict approach to privacy (perhaps even too much), and some decided to be much more interested in testing out and growing a solution.
They made technical mistakes, sometimes a bit more legal, but they are all classic mistakes we have also seen in other startups. They had hundreds of thousands of users and very sensitive data points, and their mistakes led to them being considered evil companies like Facebook.
The B2C market is such that there are no regulatory checkpoints, so nobody will check what you are doing or if there are other mistakes you're making. So those companies focused on the go-to-market instead of more control and analysis of what they were doing on security and privacy than in general.
➡️ Dealing with sensitive data is a daily routine in the digital health industry. We hear about misuse of those data every month now. What is the risk perception about the misuse of health data by tech startup founders and users? Did you notice any article or concern about working with Femtech startups if they lose users' trust?
Anastasiya Markvarde: We heard that some period tracking app users deleted them after discovering privacy issues. In particular, in countries with no access to safe abortion, the leak of period tracking data can lead to really unfortunate consequences for women. In response, for example, I saw Flo implementing an anonymous mode, which claims to protect the user's identity as much as possible with different methods. As with technology in general, the users will continue using the technology until the perceived value outweighs perceived data privacy threats. Just a week ago, there was a big leak of Google documents highlighting different breaches of their data practices - but we continue to use their products. This is not to say that we should just ignore the risks with women’s health companies, but I hope we can work together as an industry to provide adequate data safety levels for women, valuing their trust.
➡️ Working with B2B, we know that the mindset and approach to data privacy security are important in this business. To start selling, it’s vital to comply with both administrative and technical requirements defined by the GDPR. What about the B2C scenario? Should B2C startups (in general) have a more stringent approach to users’ privacy?
Jovan Stevovic: We need more clarity on risk assessment methods and best practices. Startups make many legal, security, and practical/technical errors, so they should be better helped from the regulatory and consultancy points of view. We (as consultants) must do even better on this topic to make this information more accessible and cost-effective.
Typically, startups build an MVP, test it out, and start growing with it.
Perhaps they forget to pay enough attention to security or acquire some consultancy to prove they're doing the right thing.
In the B2C space, they go until they find any issue, but sometimes, that's too late. That happened, and we saw that the results were impactful and made a lot of noise in the newspaper.
The B2B space is different: digital health companies sell to hospitals, insurance, and pharma, so they have less visibility and exposure. Still, the businesses to whom they are selling are auditing them and checking whether they are safe enough.
➡️ Digging more into the B2C market. Why should users care about privacy in general?
Jovan Stevovic: It's fundamental that people have the freedom to be anonymous or use those solutions in a very controlled way. Data protection and privacy are about having control over your data, so we would like to have that and push all companies to create digital solutions to give more transparency over the data.
We need more data sharing, but we also need more controls, tools, and solutions so that people are aware of and able to control their data correctly.
Anastasiya Markvarde: I agree that the right to data privacy is fundamental, and the users must know they are entitled to this right thing. I could add from a woman's perspective that periods, for example, have already been considered a shameful topic with not enough quality research and information about them. Hence, privacy leaks of such sensitive data in the segment that has been traditionally marginalised and disregarded must feel especially painful for women.
➡️ Why do so many companies get it wrong on data privacy and GDPR? It seems no startup out there is safe from data privacy scandals nowadays.
Jovan Stevovic: Just to reassure you, it's a minority of companies that have some scandals or news about their errors or misbehaviours. Again, in the B2C space, certain topics are much more sensitive from the perspective of the end users. It's also easier to create news articles to write about that and create awareness about this topic.
But errors are happening, and more and more will happen.
Last month, we saw a huge data breach of SynLab, where the hackers stole 1.5 terabytes of blood lab results in Italy. This huge dataset was published online with a counter for a ransom. So, we are talking about millions and millions of results. Is this a startup? No, this is a huge company, a market leader. Is this making enough noise? No, because it’s a severe security breach. So, we see a bit of disproportionality between the treatment of something important and startups.
➡️ Do you see a change in the approach of new digital health founders towards this topic?
Jovan Stevovic: I see that founders are more aware of the need to face these challenges. They need to reach a certain level of compliance because they will be audited by their customers (in the B2B space), and they need to do that to grow. Those audit processes are becoming more and more complex.
B2C, for example, DTx, has been a hot topic in Europe in the last couple of years, with German DiGA and French PECAN. From the first day, we have seen that the complexity of demonstrating compliance has increased exponentially, and so has the cost!
A startup that wants to be a DTx and launch it in Germany as a DiGA will have at least €150,000 of costs on data protection compliance, security and privacy, which is something unbelievable considering that typically in the B2C space companies didn't even spend any money compliance some years ago.
So the topic of the market is getting much more tougher. But it's again still driven by the need to sell, and to gain the trust of the end users.
Thanks for reading this article! If you want to know more about this topic, make sure to follow Anastasiya and Jovan on LinkedIn!
👉 Anastasiya Markvarde on LinkedIn
👉 Jovan Stevovic on LinkedIn
Looking at how to be GDPR compliant? Chino.io, your trusted compliance partner
Working with experts can reduce time to market and technical debt and ensure a clear roadmap that you can showcase to partners and investors.
At Chino.io, we have been combining our technological and legal expertise to help hundreds of companies like yours navigate regulatory frameworks and regulations, enabling successful launches and reimbursement approvals.
We offer tailored solutions to support you in meeting the GDPR, HIPAA, AI ACT, DVG, or DTAC mandated for listing your product as DTx or DiGA.
Want to know how we can help you? Reach out to us and learn more.
Subscribe to the Chino.io newsletter to get monthly updates on compliance, data privacy, and security.
