The ICO exists to empower you through information.

We are encouraging people to check how an app plans to use their personal information before they sign up.

All apps will have a privacy notice, a statement that explains how the company will use your data.

We know these can be overwhelming, and it is far too easy to just click “agree” when installing a new app.

But signing up to an app often involves handing over large amounts of your sensitive personal information, especially with apps that support our health.

Last year, we reviewed period and fertility apps to understand whether they are processing people’s personal information responsibly. We contacted various app providers and engaged directly with app users to understand their experiences. 

While no serious compliance issues or evidence of harms were identified in our review, we issued a reminder to all app developers about the importance of protecting users’ personal information.

Now, we have produced a series of short videos for people using apps, including period and fertility apps.

Ask yourself these key questions when signing up to an app:  

  • Is the privacy notice clearly written and easy to understand?
  • Will they delete your data when you don’t want to use the app anymore?
  • What measures do they have in place to prevent hackers from accessing your personal information?
  • Who are they sharing your information with?
  • Are you happy with where your personal information could end up?

An organisation that values your privacy will make its privacy notice easy to understand and clearly set out how it will use your personal information.

The videos will also be shared on our ICO social media channels over the coming weeks.

Remember – you are in control, so don’t press “agree” unless you do.

You can read more about your rights over your personal information here.

Notes to editors
  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, civil enforcement and audit.
  4. To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to