There was a time when the most intimate record of a woman’s reproductive health existed in conversations with her doctor or in the privacy of her own journal. Those details belonged to her. They reflected moments of hope, anxiety, heartbreak, uncertainty and joy that were never intended to travel beyond the people she trusted most. Today, millions of women voluntarily record those same experiences inside applications that promise convenience, prediction and empowerment. Few stop to ask what becomes of that information once it leaves their phone, and fewer still appreciate the extraordinary value it holds in an economy increasingly built on data.
As someone who has spent years advising boards and executive committees on cyber risk, privacy and information governance, I find this deeply unsettling. My concern is not with technology itself. Menstrual tracking applications have undoubtedly helped many women better understand their bodies, identify health conditions and navigate fertility with greater confidence. My concern begins at the precise moment that deeply personal health information becomes a commercial asset. That is the point at which innovation demands far greater scrutiny than glossy marketing campaigns are willing to invite.
The FemTech industry has experienced remarkable growth, attracting billions in investment and positioning itself as one of the most significant developments in digital healthcare. Yet behind the language of empowerment lies an uncomfortable commercial reality. Data has become one of the world’s most valuable commodities, and few datasets possess greater commercial, analytical or predictive value than those capable of revealing the rhythms of a woman’s reproductive life. Every symptom entered, every cycle logged, every medication recorded and every emotional observation contributes to a profile of astonishing depth. Collectively, those entries reveal not simply biological patterns but the intimate story of someone’s life.
That story can expose fertility challenges, pregnancy, miscarriage, hormonal disorders, menopause, sexual activity, mental health trends and medical conditions that many women have chosen not to disclose even to members of their own family. The information is intensely personal precisely because it speaks to identity as much as it does to health. If someone placed those same details inside a handwritten diary, almost everyone would instinctively recognise the obligation to protect it. Yet when identical information is entered into an application with elegant design, reassuring colours and carefully drafted privacy notices, our instincts appear to soften. The sensitivity has not diminished. Our perception of risk simply has.
The data protection profession has spent years discussing lawful bases, transparency obligations and accountability frameworks. Those principles remain essential, but they are no longer sufficient on their own. The question women should be asking is not merely whether a company complies with data protection law. The more important question is whether that organisation deserves custody of such profoundly personal information in the first place. Compliance establishes a legal minimum. Trust demands a far higher standard.
Every board should recognise that reproductive data is fundamentally different from ordinary consumer information. A shopping history reveals preferences. A streaming service reveals entertainment habits. Menstrual and reproductive data reveals a person’s health, relationships, aspirations, vulnerabilities and some of the defining moments of her life. Organisations that collect such information should therefore accept responsibilities that extend well beyond regulatory compliance. They become custodians of human dignity, not merely managers of databases.
History repeatedly demonstrates that information collected for one purpose rarely remains confined to that purpose indefinitely. Organisations merge. Business models evolve. Investors change strategic direction. Governments introduce new legislation. Political climates shift. Advances in artificial intelligence continuously increase our ability to derive fresh insights from historical datasets. Information that appeared harmless five years ago may become extraordinarily revealing when analysed alongside entirely different categories of personal data. That is precisely why privacy professionals have long argued that the greatest risks emerge not from individual datasets but from the accumulation and correlation of many datasets over time.
Women should not have to understand cloud architecture, third-party processing agreements or international data transfers before deciding whether to track their menstrual cycle digitally. They should not need legal expertise to understand who might access their information five years from now, whether that information could survive a corporate acquisition or how long copies remain within backup environments after an account has supposedly been deleted. These are governance questions, and governance is ultimately a leadership responsibility. It belongs in the boardroom, not hidden inside lengthy privacy notices that few people have the time or expertise to interpret.
This is the challenge facing the FemTech industry today. The organisations that will command lasting public confidence will not necessarily be those capable of collecting the greatest volume of information. They will be those disciplined enough to collect the least. Privacy by design must become more than a regulatory slogan. It must become a commercial philosophy that recognises restraint as a competitive advantage rather than an obstacle to growth. Companies that genuinely respect women should demonstrate that respect through architecture, governance and product design rather than marketing language alone.
Technology should empower women to understand their bodies without quietly transforming those same bodies into commercial datasets. The future of digital health will not be determined solely by innovation. It will be determined by whether organisations prove themselves worthy of the extraordinary trust millions of women place in them every single day. That is a test that extends far beyond compliance, and it is one the entire technology sector can no longer afford to fail.
- business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.comÂ
Michael Irene, CIPM, CIPP(E) certification, is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke







Nigerian economy @ mid-term 2026: Review and commentary