Get TPR’s best stories of the day and a jump start to the weekend with the 321 Newsletter — straight to your inbox every day. Sign up for it here.
Businesses’ widespread collection, retention, and sale of consumer data is a threat to individuals seeking or providing abortion-related health care, according to data privacy and reproductive health experts.
The conviction of a mother in Nebraska for helping her daughter get an abortion after 20 weeks has renewed attention on the risk online activity poses to individuals living in states with abortion restrictions. Facebook messages between the two were part of the evidence in the case. Though the Nebraska case began before the U.S. Supreme Court overturned Roe v. Wade, laws restricting abortion have exploded.
Texas law does not criminalize abortion-seekers, but confers a potential penalty of life in prison and large fines for providers. In March, a Texas man sued friends of his ex-wife who he said helped her obtain abortion medication.
Andrew Crawford, a senior policy attorney at the Center for Democracy and Technology (CDT), said data that companies regularly collect about their users can be leveraged to go after reproductive health choices.
“These data points of information about our health, especially in the wake of Dobbs about reproductive health and choice, could be used by law enforcement, or even in some instances private individuals, seeking to sue or target people who are seeking or providing abortion and reproductive-related healthcare,” Crawford said.
Crawford published a report for CDT in May called Data After Dobbs, which he said offers best practices for companies to protect consumers and limit the amount of data they collect and retain.
“Companies should collect only the types of data for the direct service or product the customer is requesting,” he said. “Data shouldn’t be used to create behavioral profiles, or shared or sold for secondary purposes.”
He acknowledged that companies have a financial incentive to keep collecting data. But he said there are real incentives beyond the fact that he considers it the morally right position.
“If an app is, you know, collecting that kind of ancillary information and then using it for secondary uses, people can quickly — if they learn about that or they see negative consequences of that — grow to not trust the app, and then they won’t use it,” Crawford said.
He added that companies can also save the money they’d otherwise be using to pay for storing the mass amounts of data they collect.
Bethany Corbin is an attorney who deals with the overlap between technology and women’s health, often referred to as femtech.
She said messaging platforms without end-to-end encryption, search histories, and social media posts are “low-hanging fruit” for law enforcement to subpoena for when it comes to abortion-related enforcement. But she added that there may be some less obvious data that can also be used — without the need for a subpoena.
“If any of your reproductive health data is somehow included in that type of data that’s being bundled and packaged and sold downstream to data brokers, that’s a way for law enforcement to also get access to that data,” Corbin said.
That’s because law enforcement agencies can buy data from data brokers that they might otherwise have to subpoena.
Corbin said users should be aware of whether apps track their geolocation data, for example, and take steps like turning off location tracking or leaving the phone at home if they plan to go somewhere to perform or receive abortion-related care.
Because individual companies’ terms and conditions can be so long and convoluted, Corbin suggested that users should expect that any data they put into any app could eventually be made public, and act accordingly.
“I tell consumers, ‘if you’re not comfortable with that data somehow being disclosed downstream at some point, don’t put it in the app,’ ” she said.
Corbin said she’s also seen more people start using virtual private networks (VPNs), which can offer a secure channel to search for information about abortion-related care online, though they are not all created equal.
Both Corbin and Crawford said companies need to do more on their own to protect consumer data, but said the best solution would be federal digital privacy legislation to protect all Americans.