After the supreme court overturned Roe vs. Wade on June 24th, 2022, politics and privacy were turned upside down overnight. Politics aside, there are serious privacy implications as a result of the decision to end women’s constitutional right to abortion. Tech companies are at the forefront of making critical privacy decisions that could have legal, social, and political consequences no matter which way they sway. Abortion data is just another type of data to be collected and protected. And you should be aware of the implications, regardless of where your opinions fall on the issue.
How heavy should the data protection burden be for organizations? How do company and consumer protection relate to one another? How will privacy policies change and if they do, what does that say about political agendas? Does the overturning of Roe v Wade mean that tech companies will be more politicized based on their agreement to share or withhold private user data? These questions are surfacing in the face of this historic change. Abortion data privacy (and privacy in general) is going to look increasingly different in the near future. So, I’m here to wonder with you as we adjust to the new cybersecurity implications.
What we know is that data mining is nothing new. Nor is a desire for privacy. The political sphere may look different, but our privacy protecting habits shouldn’t. If anything–in the wake of geopolitical tensions and tense party lines–now is a great time to know who knows what about your data and what you can do to minimize data collection.
But first, what are the risks? Who are the stakeholders? And what do we do next?
Roe v. Wade Privacy Risks – Abortion Data Ripe for Exposure
- Text messages
- Location tracking
- Web searches
- Health apps (fertility/period tracking apps)
- Health centers: Sexual/reproductive histories, test results, ultrasound photos, consultation information
Who Stands to Cash In on Pregnancy & Abortion Data
- Third party data brokers looking to mine fertility, pregnancy and abortion data for the sake of profit
- Companies looking to sell you goods and services based on your stage of life
- Anti-abortion activist groups who want to target pro-life messages to both political sides
How the Ruling Could Alter Privacy
- Privacy legislation. The American Data Privacy and Protection Act being drafted by the US House does not have specific provisions related to abortion. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law requiring the protection of sensitive patient health data. However, The Privacy Rule permits the use and disclosure of patient information without disclosure or permission when required by law, for judicial and administrative proceedings, and for essential law or government functions. (Learn more about what is permitted here.)
- App anonymization, deletion, and encryption. Anonymization means either erasing or encrypting your Personally Identifiable Information (PII) so that stored data cannot be traced back to the user. Encryption means that companies cannot hand over data if they get subpoenaed by the government. End-to-end encryption means that your login data and period-tracking data will be completely anonymized so that no one but the user can view it. Certain period-tracking apps like Clue, Natural Cycles, and Flo offer data deletion upon request. None of these items has been made into law and are open for interpretation.
- Geofence warrants. A geofence warrant is a warrant that officials can issue to gather information without having a particular suspect in mind. They differ from traditional court orders as they only require a location and period time (not a suspect) to conduct a sweeping search of a database. After Roe v Wade was overturned, we anticipate the issuing of subpoenas for search histories. This is nothing new. Law enforcement agencies often require Google to provide data needed for investigations without alerting the individual that their data is being shared. This has direct impact on abortion and health data privacy.
- Data mining and advertisement. Privacy laws and abortion laws are still separate. But not as separate as you think. The surveillance advertising industry already exploits search and social media platforms. Now with legal implications and enforcement, we wonder if state prosecutors will be permitted to order media outlets to identify and prosecute women seeking abortions. Where do we draw the line?
- Dark Web traffic. There will be an increase in Dark Web Traffic as women search for abortion pills that may become outlawed in their state.
Ways to increase data protection
Companies should stand up for privacy no matter what. Here are a few reminders on minimizing data exposure or exploitation.
- As an organization, it is a best practice to collect and use as little private information as possible. This will keep you from being such an attractive hacking target.
- Use minimal data collection search engines (duckduckgo, firefox, brave)
- Utilize a private browsing window like Incognito (Chrome)
- Communicate sensitive information over encrypted messaging services (Signal)
- Browse the internet on a virtual private network (VPN) like Proton VPN that masks your computer or phone’s IP address
- Install browser extensions that enhance privacy
- Disable advertising identifiers in your phone and browser
- Enable location services only when necessary and only when the app is in use.
- Bulletproof your culture of security by investing in engaging security awareness training.
We are more vulnerable to the surveillance economy than ever before. Changes to the political sphere are impacting virtually every aspect of our digital and physical lives, whether we know it or not. Now is a great time to take stock of our own blind spots and be intentional about how we protect our personal data.