My Body, My Data: Navigating Privacy Post-Roe
In a stunning move, the U.S. Supreme Court eliminated the constitutional right to an abortion after nearly half a decade. The court has now famously struck down the 1973 decision, Roe v. Wade, which guaranteed federal constitutional protection of abortion rights; as well as Planned Parenthood v. Casey, which maintained the right, stating: “The Constitution does not confer a right to abortion; Roe and Casey are overruled; and the authority to regulate abortion is returned to the people and their elected representatives.”
The decision came on June 24, 2022, about a month after a leaked initial draft majority opinion was obtained by Politico, indicating a tsunami of political, legal, and social commentary on the wide range of possible implications. One of the most interesting and potentially significant questions emerging from this dramatic shift in American life has to do with online privacy; namely: can reproductive health data be weaponized and used to track, monitor, or even prosecute people providing, facilitating, or receiving abortions; and what privacy laws, if any, protect our data from being shared with third-parties?
A Shift in Privacy Discourse
Everyday, billions of people readily give up their private information in exchange for the services we have all come to live and even rely on. In our “surveillance capitalist” economy, we effectively agree to let tech companies spy on us, manipulate our feeds to keep us engaged, and deepen our biases and blind spots. But for a long time, it seemed like no one was all too concerned.
The overturning of Roe v. Wade, however, appears to have woken many of us up to the potential downside (and even danger) of companies having access to so much of our private data, and what could happen if it fell into the wrong hands. Understandably, more and more of the discourse is centered on whether and how tech companies should protect information of users seeking reproductive healthcare. Fertility tracking apps have been thrust to the forefront of this conversation, with many users wondering what it could mean for their data – information about their menstrual cycle, sexual activity, symptoms, and pregnancy test results – to be obtained by a third party.
Civil liberties groups, like the Electronic Privacy Information Center (EPIC), have long been worried about potential misuse of reproductive health data by the state. Why? Because the U.S. lacks a comprehensive privacy law, and most legislation is enacted at the state level. There are only a handful of sector-specific U.S. Federal privacy laws, and a patchwork of scattered bills at various stages of the legislative process aiming to codify both consumer rights and business obligations regarding data privacy. In a New York Times interview with California Democratic Congressman, Ro Khanna, tech journalist Kara Swisher facetiously (but accurately) noted that Apple, not the U.S. government, has effectively become tech’s biggest privacy regulator in its decision to ask consumers whether they want their information stolen or not.
How is Reproductive Health Data Protected Today?
Any information recorded in a personal health app (including fertility tracking apps) is not protected by the Health Insurance Portability and Accountability Act (HIPPA) – a law that requires only health providers, insurers, and third-party administrators to protect patient’s health data. But while HIPAA does not apply here, other agencies can exert some oversight, and app users may be protected under certain consumer protection laws. For example, the Federal Trade Commission (FTC) health breach notification rule requires companies that experience a breach of consumers’ identifying health information to notify affected consumers, the FTC and, in some cases, the media. This rule applies to most health apps and similar technologies; and companies that fail to comply could be subject to penalties of up to $46,517 per violation per day. This can only be used by government agencies and does not provide a private right of action that can give compensation to victims.
Of course, violations have occurred. In fact, there have been a few notable class action lawsuits filed recently by users against popular fertility tracking apps. In early 2021, Flo Health settled FTC allegations that the company shared reproductive health data of its users (including the fact of a pregnancy) with third-party data analytics providers (Google, Facebook, AppsFlyer, and others) after promising such information would be kept private. Flo disclosed this information in the form of “app events: without limited how third-parties could use the data.
Privacy is a Fundamental Right
In lieu of comprehensive privacy legislation, these are some of the tools at our disposal to protect sensitive reproductive health data. But public pressure is mounting. Privacy advocates like Evan Greer, Director of Fight for the Future, point out that the media’s focus on fertility apps lets off the hook every company that collects and stores sensitive data. Along with 50 rights organizations, he calls on tech leaders (including Google) to reform their data collection and retention practices to prevent that information from being used to identify people who have obtained or provided abortions.
In roe, the Supreme Court applied the core constitutional principle of privacy and liberty to the right of a woman to decide whether to have an abortion. This is no longer the case. But privacy has long been recognized by the Court as “implicit in the concept of ordered liberty.” In our surveillance capitalist economy, it is increasingly more challenging to protect that right. It is also more urgent.