Loyola University Chicago School of Law, JD 2024
On June 24, the Supreme Court officially overturned Roe v. Wade. In doing so, it declared that there was no longer a constitutional right to abortion, allowing state police power to determine its legality. Immediately after this decision, trigger laws went into effect across a quarter of the states, making abortions illegal. Post Dobbs, information collected on personal devices, especially through period-tracking and telemedicine apps, is at risk of being exposed and utilized as criminal evidence.
How does using technology put women at risk?
People have been using health apps to track their menstrual cycles for the last decade. These apps store information relating to when a woman starts or ends each period, when she begins and ends ovulating, and whether her period is irregular, delayed, or never came. While many women rely on the privacy of storing such sensitive information in their personal devices, many of these apps are not covered by HIPAA requirements. Also, the privacy practices vary between apps, including failure to adhere to declared policies, failure to account for all the data collected, and selling data to third parties, which leaves health information vulnerable to exposure. Such practices can be unpredictable and shocking to the consumer. For example, a recent investigation revealed that Planned Parenthood’s scheduling tool shares an individual’s location and the type of abortion they seek with large tech companies, such as Google and Facebook.
The risk, however, isn’t limited to data in health apps. Information collected from other apps, including location services, purchase histories, messages, social media and google searches, when combined with relevant data from health apps, is an easy way for law enforcement to identify women that are seeking abortions and prosecute them. App developers can be legally forced to release private data collected from their users. On the other hand, developers or big tech companies may also sell the collected data to law enforcement and others seeking to find and prosecute abortion-seeking women.
How can women avoid leaving a digital trail?
The Washington Post circulated an article detailing various steps women can take to protect their digital footprint. The most effective precaution that can be taken is to avoid using period-tracking apps, and instead revert to physical paper calendars or protected spreadsheets. While inconvenient, this method eliminates the biggest potential factor in their digital trail- having their menstrual cycle and potential pregnancy information online. Many women have already started deleting many of these apps off their phones to secure their information and conceal their identities. Additionally, women should make sure that all apps, websites, and personal devices are collecting as the least amount of data possible by adjusting their privacy settings and disabling their location services. The article even recommends turning off or leaving their phones at home when the women visit locations that offer abortions. Data collected in women’s phones have already been subject to search warrants and subpoenas, with Google receiving over 40,000 court orders in the beginning of 2021. When it comes to communication and sharing abortion information or asking questions, end-to-end encrypted messaging apps should be used, such as WhatsApp or Apple’s iMessage. These apps conceal messages against everyone except the receiver and sender. Most importantly, the receivers of abortion information should be limited to those that are trusted the most, such as a spouse, parent, or a close friend. Even so, such information should be shared with a very minimum number of people.
What should app developers do to protect user privacy?
While women protect their own digital footprint, app developers should work to ensure privacy on their end. Privacy law attorneys at Faegre Drinker provided recommendations to health app developers on the steps they can take to protect and maintain their business and their user database. They suggest that data collection, including location services, should be disabled or limited. When determining what to do in this regard, developers should weigh the benefit of collecting the data against the risk of harm to their user if this data was obtained and used against them. Apps collect data for a multitude of reasons, including functionality, personalization, profit, and analytics. While many of these reasons serve as benefits, developers can decide which of these benefits are actually necessary in comparison with the risk it serves to users. Additionally, those app developers should limit their disclosure of data and increase their security practices. There is a high risk of cyber-attacks and hackers that can obtain sensitive information, especially if being paid to do so by prosecutors. Third parties with whom health data is shared should be scrutinized to ensure their data practices align with the data practices of the app developer. Also, app developers can simply decline unlawful requests for data. At the very least, users should be asked to provide informed consent regarding the data collected. Furthermore, with changes that have already and will likely continue to occur with the overturn of Roe, privacy notices should be updated to reflect the impact on users’ new and stored data.
Collectively, measures taken by both app developers and their users can protect the privacy and interests of women accessing reproductive care.