On 24th June 2022, the U.S. Supreme Court issued its decision in Dobbs v Jackson Women’s Health Organisation, in which it overturned Roe v Wade by a 6-3 majority, thereby ending 49 years of precedent and the constitutional right to abortion. By no means was this a surprise after Supreme Court Justice Alito’s draft opinion was leaked several weeks ago. The ruling in Dobbs allows U.S. states to adopt laws criminalising abortion. In the wake of the decision, multiple U.S. states quickly restricted access to the procedure or banned it entirely and it is thought that approximately half of the U.S. states will take steps such as these. The direct social impact of this decision cannot be overlooked, cutting deep at the heart of women’s civil rights; these impacts have been considered at length by many commentators. Alongside these, there are also key data privacy concerns which in themselves bring uncertainty and further harm to individual’s rights and freedoms.
One such concern is the exploitation of personal data that could lead to prosecution of both women and physicians who violate state law by proceeding with abortions. As it stands, federal laws in place such as the Health Insurance Portability and Accountability Act (HIPAA) protect medical files in a doctor’s surgery; however, notably HIPAA does not protect any information that third-party apps or technology collect about individuals, and apps which share this data with a third party. Not only could telephone call histories, text messages and emails be used to prosecute, but also location data, online payment records, Google searches, and fertility and menstrual tracking apps. The degree to which such data can be used as evidence was starkly highlighted in Mississippi in 2017, where a woman was charged with second degree murder after she sought medical care for pregnancy loss. Evidence against her included her online search history which included queries on how to induce a miscarriage and how to buy abortion pills. It is worth noting that this is not a one-off case, and it seems likely that cases such as these will be far more prevalent in the wake of the overturning of Roe v Wade.
With the above in mind, naturally eyes turn to technology companies such as Apple and Google and how they might cooperate with law enforcement or government agencies trying to prosecute people seeking an abortion or people helping someone to do so. Unfortunately, they have yet to give a concrete response, but it is inevitable that the stance of technology companies will be one to watch, as “individuals seeking abortions and other reproductive health care will become particularly vulnerable to privacy harms, including through the collection and sharing of their location data”. Current policies seem to suggest that tech firms will comply with abortion-related data requests, for example Meta, stated that “we comply with government requests for user information only where we have a good-faith belief that the law requires us to do so.” Online civil rights activists have argued that tech firms should be doing far more to take a stand on this issue, “in this new environment, tech companies must step up and play a crucial role in protecting women’s digital privacy and access to online information.” However, ultimately the extent to which tech firms can take a stand on this issue is limited by the law, and therefore, the onus in the end lies with the legislators.
In addition to the risk of personal data relating to women’s personal reproductive services being shared with law enforcement agencies, “data brokers are already selling, licensing and sharing the location information of people that visit abortion providers to anyone with a credit card.” Shockingly, shortly after the Supreme Court draft was leaked, a reporter managed to purchase aggregate data of people who visited more than 600 legal abortion clinics around the country for only $160. The files included approximate patient addresses, of which the information is derived from where the phones ‘sleep at night’, income brackets, time spent at clinics and the top places people visited before and after visiting a clinic. The availability of this data becomes even more frightening when you consider that Texas, Oklahoma and Idaho have passed citizen-enforced abortion bans (a “bounty system”), meaning anyone can file a civil lawsuit if they believe an abortion was performed and potentially win at least $10,000, posing a threat to not only an individual’s right to privacy but also their lives.
A digital footprint
“We live in a digital age when our activities, our movements, our transactions and our communications leave a digital trail,” and it is extraordinarily hard to eliminate all of the digital trails that might be of interest to law enforcement”, said Nathan Wessler, the deputy project director of the Speech, Privacy and Technology Project at the American Civil Liberties Union. In an age where “stored data grows 5x faster than the world economy”, it is both unjust and unreasonable to expect individuals to, “limit the creation of such data in the first place” which is an approach suggested by some advocates. This is neither fair nor practical, and “tech savviness, time and effort required to avoid leaving a digital footprint might not be achievable for some”. This being said, the sad truth is that unless appropriate measures are taken by the U.S. government, this could become the reality for many.
Since the decision at the end of June, several potential safeguards against the sharing and access to individual’s personal data have been discussed:
- First, there have been calls for updates to the HIPAA to prevent health data from being shared with law enforcement agencies targeting people who have an abortion. The act means to “define and limit” the circumstances when a person’s health data can be used or disclosed by covered entities, Democrats have argued this should be one of these limitations;
- Second, there is at least one “proposal at the federal level seeking to box out access to reportable data” as Senate Democrats introduced the Health and Location Data Protection Act. “This proposal targets sensitive data brokerage and combatting the sharing of health records and tracking of movements to draw points of inference”;
- Third, Democrats have immediately called on the Federal Trade Commission (“FTC”) to restrict the two largest tech companies (Google and Apple) from handing over individuals’ data if subpoenaed by a State. Specifically, they want restrictions on the use of advertising identifiers that link a person to a device, and allow for tracking of their movements and personal profiles of information to be built.
The road ahead
These hurdles, whilst taking small steps in the right direction of upholding data privacy, are in their infancy and no doubt will face strong challenges in Congress. This, alarmingly, leaves the data rights of millions of women across the U.S. in the balance until provisions are put in place to better protect their data. In the short-term, it is easy to foresee that many individuals will be left with no option to ‘limit the creation’ of such data as alluded to above; however, this is not a tenable solution long-term. “Millions of Americans have lost a fundamental right to make their own health and reproductive decisions”, ultimately, the least that can be done, is for U.S. representatives to do all they can to “fight for individuals’ fundamental right to privacy”. No doubt in the coming weeks and months, we will see widespread attempts to reinstate a more secure right to abortion across the U.S. In the meantime, implementing more robust measures to protect individuals’ right to data privacy is a useful, even crucial, first step.