EXPLAINER: Data privacy concerns emerge after Roe decision
With abortion now or soon to be illegal in over a dozen states and severely restricted in many more, Big Tech companies that collect personal details of their users are facing new calls to limit that tracking and surveillance. One fear is that law enforcement or vigilantes could use those data troves against people seeking ways to end unwanted pregnancies.
History has repeatedly demonstrated that whenever people's personal data is tracked and stored, there's always a risk that it could be misused or abused. With the Supreme Court's Friday overruling of the 1973 Roe v. Wade decision that legalized abortion, collected location data, text messages, search histories, emails and seemingly innocuous period and ovulation-tracking apps could be used to prosecute people who seek an abortion — or medical care for a miscarriage — as well as those who assist them.
“In the digital age, this decision opens the door to law enforcement and private bounty hunters seeking vast amounts of private data from ordinary Americans,” said Alexandra Reeve Givens, the president and CEO of the Center for Democracy and Technology, a Washington-based digital rights nonprofit.
IT'S ALREADY HAPPENING
Until this past May, anyone could buy a weekly trove of data on clients at more than 600 Planned Parenthood sites around the country for as little as $160, according to a recent Vice investigation. The files included approximate patient addresses — derived from where their cellphones “sleep” at night — income brackets, time spent at the clinic, and the top places people visited before and afterward.
It’s all possible because federal law — specifically, HIPAA, the 1996 Health Insurance Portability and Accountability Act — protects the privacy of medical files at your doctor’s office, but not any information that third-party apps or tech companies collect about you. This is also true if an app that collects your data shares it with a third party that might abuse it.
In 2017, a Black woman in Mississippi named Latice Fisher was charged with second-degree murder after she sought medical care for a pregnancy loss.
“While receiving care from medical staff, she was also immediately treated with suspicion of committing a crime," civil rights attorney and Ford Foundation fellow Cynthia Conti-Cook wrote in her 2020 paper, “Surveilling the Digital Abortion Diary.” Fisher's "statements to nurses, the medical records, and the autopsy records of her fetus were turned over to the local police to investigate whether she intentionally killed her fetus,” she wrote.
Fisher was indicted on a second-degree murder charge in 2018; conviction could have led to life in prison. The murder charge was later dismissed. Evidence against her, though included her online search history, which included queries on how to induce a miscarriage and how to buy abortion pills online.
"Her digital data gave prosecutors a ‘window into (her) soul’ to substantiate their general theory that she did not want the fetus to survive,” Conti-Cook wrote.
Fisher is not alone. In 2019, prosecutors presented a young Ohio mother’s browsing history during a trial in which she stood accused of killing and burying her newborn baby. Defense attorneys for Brooke Skylar Richardson, who was ultimately acquitted of murder and manslaughter charges, said the baby was stillborn.
But prosecutors argued she’d killed her daughter, pointing in part to Richardson’s internet search history, which included a query for “how to get rid of a baby.” She was later acquitted.
Technology companies have by and large tried to sidestep the issue of abortion where their users are concerned. They haven't said how they might cooperate with law enforcement or government agencies trying to prosecute people seeking an abortion where it is illegal — or who are helping someone do so.
Last week, four Democratic lawmakers asked federal regulators to investigate Apple and Google for allegedly deceiving millions of mobile phone users by enabling the collection and sale of their personal data to third parties.
“Individuals seeking abortions and other reproductive healthcare will become particularly vulnerable to privacy harms, including through the collection and sharing of their location data,” the lawmakers said in the letter. “Data brokers are already selling, licensing and sharing the location information of people that visit abortion providers to anyone with a credit card.”
Apple and Google did not immediately respond to requests for comment.
Governments and law enforcement can subpoena companies for data on their users. Generally, Big Tech policies suggest the companies will comply with abortion-related data requests unless they see them as overly broad. Meta, for instance, pointed to its online transparency report, which says “we comply with government requests for user information only where we have a good-faith belief that the law requires us to do so.”
Online rights advocates say that's not enough.
“In this new environment, tech companies must step up and play a crucial role in protecting women’s digital privacy and access to online information,” said Givens of the Center for Democracy and Technology. For instance, they could strengthen and expand the use of privacy-protecting encryption; limit the collection, sharing and sale of information that can reveal pregnancy status; and refrain from using artificial intelligence tools that could also infer which users are likely to be pregnant.
WHAT ABOUT PERIOD APPS?
After Friday's Supreme Court ruling, some period-tracking apps tried to assure users that their data was safe. But it helps to read the fine print of the apps' privacy policies.
Flo Health, the company behind a widely-used period tracking app, tweeted Friday that it would soon launch an “Anonymous Mode” intended to remove personal identity from user accounts and pledged not to sell personal data of its users.
Clue, which also has a period tracking app, said it keeps users’ health data — particularly related to pregnancies, pregnancy loss or abortion — “private and safe” with data encryption. It also said it uses auditing software for regulatory compliance and removes user identities before their data is analyzed by the scientific researchers the company works with.
At the same time, the company acknowledged that it employs “some carefully selected service providers to process data on our behalf.” For those purposes, it said, “we share as little data as possible in the safest way possible.” But Clue offered no further details.
BURDEN ON THE USER
Unless all of your data is securely encrypted, there’s always a chance that someone, somewhere can access it. So abortion rights activists suggest that people in states where abortion is outlawed should limit the creation of such data in the first place.
For instance, they urge turning off phone location services — or just leaving your phone at home — when seeking reproductive health care. To be safe, they say, it's good to read the privacy policies of any health apps in use.
The Electronic Frontier Foundation suggests using more privacy-conscious web browsers such as Brave, Firefox and DuckDuckGo — but also recommends double-checking their privacy settings.
There are also ways to turn off ad identifiers on both Apple and Android phones that stop advertisers from being able to track you. This is generally a good idea in any case. Apple will ask you if you want to be tracked each time you download a new app. For apps you already have, the tracking can be turned off manually.
Associated Press Writers Amanda Seitz and Marcy Gordon contributed to this story.