Why data privacy is a concern in the wake of Roe v. Wade reversal
With abortion now or soon to be illegal in over a dozen states and severely restricted in even more, Big Tech companies that collect personal details on their users are facing calls to limit that tracking and surveillance.
Driving these calls is the fear that law enforcement or anti-abortion vigilantes could use personal data troves against those individuals seeking ways to end unwanted pregnancies.
History has repeatedly demonstrated that whenever people's personal data is tracked and stored, there's always a risk it could be misused or abused. With the Supreme Court's Friday overturning of the 1973 Roe v. Wade decision protecting women's constitutional right to an abortion, collected data from location tracking, text messages, search histories, emails and seemingly innocuous period and ovulation-tracking apps could be used to prosecute people who seek an abortion or medical care for a miscarriage, as well as those who assist them.
"In the digital age, this decision opens the door to law enforcement and private bounty hunters seeking vast amounts of private data from ordinary Americans," said Alexandra Reeve Givens, the president and CEO of the Center for Democracy and Technology, a Washington-based digital rights nonprofit.
It's already happening
Until this past May, anyone could buy a weekly trove of data on clients at more than 600 Planned Parenthood sites around the country for as little as $160, according to a recent Vice investigation. The files generally include approximate patient addresses — derived from where their cellphones "sleep" at night — income brackets, time spent at the clinic, and the top places people visited before and afterward.
It's all possible because while federal law — specifically, HIPAA, the 1996 Health Insurance Portability and Accountability Act — protects the privacy of medical files at your doctor's office, it does not protect any information that third-party apps or tech companies collect about you. This is also true of personal data collected by an app that tracks your data and shares it with a third party.
In 2017, a Black woman in Mississippi named Latice Fisher was charged with second-degree murder after she sought medical care for a pregnancy loss.
"While receiving care from medical staff, she was also immediately treated with suspicion of committing a crime," civil rights attorney and Ford Foundation fellow Cynthia Conti-Cook wrote in her 2020 paper, "Surveilling the Digital Abortion Diary." Fisher's "statements to nurses, the medical records, and the autopsy records of her fetus were turned over to the local police to investigate whether she intentionally killed her fetus," she wrote.
Fisher was indicted on a second-degree murder charge in 2018. Conviction could have led to life in prison, but the murder charge was later dismissed. Evidence against her included her online search history, which included queries on how to induce a miscarriage and how to buy abortion pills online.
"Her digital data gave prosecutors a 'window into (her) soul' to substantiate their general theory that she did not want the fetus to survive," Conti-Cook wrote.
Fisher is not alone. In 2019, prosecutors presented a young Ohio mother's browsing history during a trial in which she stood accused of killing and burying her newborn baby. Defense attorneys for Brooke Skylar Richardson said the baby was stillborn.
But prosecutors argued she had killed her daughter, pointing in part to Richardson's internet search history, which included a query for "how to get rid of a baby." She was ultimately acquitted of murder and manslaughter charges.
Tech industry stays mum
Technology companies have by and large tried to sidestep the issue of abortion where their users are concerned. They haven't said how they might cooperate with law enforcement or government agencies trying to prosecute people seeking an abortion where it is illegal or people helping someone do so.
Last week, four Democratic lawmakers asked federal regulators to investigate Apple and Google for allegedly deceiving millions of mobile phone users by enabling the collection and sale of their personal data to third parties.
"Individuals seeking abortions and other reproductive health care will become particularly vulnerable to privacy harms, including through the collection and sharing of their location data," the lawmakers said in the letter. "Data brokers are already selling, licensing and sharing the location information of people that visit abortion providers to anyone with a credit card."
Apple and Google did not immediately respond to requests for comment.
Governments and law enforcement can and have subpoenaed companies for data on their users. Generally, Big Tech policies suggest the companies will comply with abortion-related data requests unless they see them as overly broad. Meta, for instance, pointed to its online transparency report, which says "we comply with government requests for user information only where we have a good-faith belief that the law requires us to do so."
But online rights advocates say that's not enough.
"In this new environment, tech companies must step up and play a crucial role in protecting women's digital privacy and access to online information," said Givens of the Center for Democracy and Technology. For instance, they could strengthen and expand the use of privacy-protecting encryption; limit the collection, sharing and sale of information that can reveal pregnancy status; and refrain from using artificial intelligence tools that could also infer which users are likely to be pregnant.
What about period apps?
After Friday's Supreme Court ruling, some period-tracking apps tried to assure users that their data was safe. But it helps to read the fine print of the apps' privacy policies.
Flo Health, the company behind a widely-used period tracking app, tweeted Friday that it would soon launch an "Anonymous Mode" intended to remove personal identity from user accounts and pledged not to sell personal data of its users.
Clue, which also has a period tracking app, said it keeps users' health data — particularly related to pregnancies, pregnancy loss or abortion — "private and safe" with data encryption. It also said it uses auditing software for regulatory compliance and removes user identities before their data is analyzed by the scientific researchers the company works with.
At the same time, the company acknowledged that it employs "some carefully selected service providers to process data on our behalf." For those purposes, it said, "we share as little data as possible in the safest way possible." But Clue offered no further details.
Burden is on the user
Unless all of your data is securely encrypted, there's always a chance that someone, somewhere can access it. And even data that's said to be "anonymized" often isn't. Researchers have shown that having just four credit-card purchases or three locations is enough to uniquely identify the vast majority of people.
Abortion rights activists suggest that people in states where abortion is outlawed should limit the creation of such data in the first place. For instance, they urge turning off phone location services — or just leaving your phone at home — when seeking reproductive health care.
The Electronic Frontier Foundation suggests using more privacy-conscious web browsers such as Brave, Firefox and DuckDuckGo, but also recommends that users double-check their privacy settings.
There are also ways to turn off ad identifiers on both Apple and Android phones that stop advertisers from being able to track you. This is generally a good idea in any case. Apple will ask you if you want to be tracked each time you download a new app. For apps you already have, the tracking can be turned off manually.