Privacy Advocates on High Alert as Roe Decision Looms

WASHINGTON — Data privacy advocates are sounding the alarm as the Supreme Court’s official opinion looms on the Mississippi lawsuit that likely could overturn the precedent for a woman’s right to an abortion set by Roe v. Wade.

If the leaked opinion for Dobbs v. Jackson Women’s Health Organization stays the same, states would set their own abortion access laws. States like Louisiana have already attempted to pass laws that would criminalize abortion.

This ruling comes at a time when tracking who gets an abortion is potentially as easy as requesting or buying data that people often don’t know they are giving.

Currently, companies are “creating dossiers about each one of us that could expose our most personal information,” said Caitriona Fitzgerald, the deputy director at the Electronic Privacy Information Center, in an interview Tuesday.

That includes information including medical procedures and products people may search about online or their location down to the clinics they frequent, she said.

Overall companies have an abundance of personal data down to the keystrokes people type on online forms, Fitzgerald explained.

Now, the stakes are highest for people seeking abortions from states looking to criminalize them where law enforcement could subpoena for such data, she said. Or, as in Texas, individuals can potentially purchase information from data brokers, which they can exchange for a bounty, Fitzgerald explained, referring to a story by a Vice reporter who bought a week’s worth of location data of people visiting a clinic for $160.

“People are buying that information and using it to target individuals, which is terrifying,” Fitzgerald said.

Typically people perceive their health-related information as protected because of privacy laws like the Health Insurance Portability and Accountability Act. However, the law only requires very specific “covered entities” including health care providers and insurers to keep the health data private.

“The reason why all these privacy harms are possible is because we have sectored privacy laws that are outdated,” said Andrew Crawford, senior policy counsel at the Privacy and Data Project, in an interview Wednesday.

Privacy laws, like HIPAA, are generally limited to one specific area and don’t account for new technology like cell phones, computers and smartwatches that can capture sensitive information, he said.

Period and other fertility tracking apps are the ones people will be interested in for the data, he said. However, there’s lots of other potential health information, like heart rate, that devices capture too, he said.

As long as companies put all the information about the uses of data in the “dense” user privacy policies many people just skim, there aren’t any repercussions for selling that information, Crawford said.

Last year the fertility-tracking app Flo settled with the Federal Trade Commission after a lawsuit alleged the company gave its data to third-party marketing companies. The company at the time told users information stored in the app would only be used for in-app uses, according to the complaint.

The company acknowledged no wrongdoing in the settlement but did agree to an independent review of its privacy policy and agreed it would seek consent from users to use their data for other uses.

“Apps that collect, use, and share sensitive health information can provide valuable services, but consumers need to be able to trust these apps,” Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, wrote in a statement at the time. “We are looking closely at whether developers of health apps are keeping their promises and handling sensitive health information responsibly.”

It’s those second- and third-party uses like selling information to data brokers that is most concerning to Fitzgerald and Crawford because people don’t typically understand all the information they are giving away and what it could be used for.

“It’s so hard for folks to grasp because the scope is just so massive,” Fitzgerald said.

Individuals can take action on their own to secure some of their data by turning off their location information and reading individual apps’ privacy policies.

“It shouldn’t be on an individual to protect their privacy online, but while we are in this era with no rules, we should check,” Fitzgerald said.

Lawmakers are aware of these issues.

Last week a group of five senators — including Sens. Ed Markey, D-Mass., Elizabeth Warren, D-Mass., Bernie Sanders, I-Vt., Cory Booker, D-N.J., and Ron Wyden, D-Ore. — sent letters to the CEOs of Apple and Google asking they take action by removing apps that would use fertility information for third-party uses.

“Should the Supreme Court overturn Roe v. Wade, anti-abortion prosecutors and even vigilantes may be able to exploit online mining of data from apps on the Google Play Store [and App Store] to stop individuals from accessing abortion services or to target them retroactively,” the senators wrote.

However, “if you ask one company to stop doing it, another company will do it,” Fitzgerald said, urging there needs to be a legislative response.

Companies are “only one part of the solution,” Crawford said. “It’s incumbent on our federal legislators to take some action.”

Madeline can be reached at [email protected] and @MadelineHughes