Digital privacy laws are not ready for a post-Roe v. Wade future. New bills circulating on the Hill are an important step toward safeguarding Americans’ personal data, but they are not a panacea to protect women seeking an abortion or the friends and family members who might be supporting them, or even just know of their intentions.
It’s no secret that today, personal and health data about human preferences, location, characteristics and behavior are collected through phones, apps, websites, advertisements, internet sites and service providers; if a device is connected to the internet, it probably collects user data. These data are used to provide helpful information and services, but as the United States lacks universal digital privacy protections, firms are solely responsible for data privacy and security.
At the same time, law enforcement has wide latitude to purchase and request personal data from companies. They can obtain a court order about a particular crime and companies are obliged to provide information related to the crime, some companies have made special portals to more easily provide data. Even without a court order, law enforcement can purchase bulk data from data brokers about suspected crimes or general surveillance. These data can contain location information, internet searches queries, among other personal information. Companies can push back but with a court order or subpoena are obliged to comply with law enforcement.
Surveillance of this nature has historically enjoyed wide support as protection against terrorism and other societal harms. But the combination of prolific personal data collection and law enforcement surveillance are predicated on the assurance that data about everyday interactions and behaviors are not under scrutiny by law enforcement. The overturning of Roe v. Wade calls this trust into question.
Since the ruling, trigger laws in eight states have banned abortion, and an additional five states plan to ban the procedure within the month. The bans fall largely along partisan lines, and they come with a side of additional surveillance.
A Texas law, with Florida and Ohio seeking to copy it, allows individual citizens to sue someone who got an abortion or assisted someone in getting one. Justice Thomas wrote in the majority opinion that the ruling would not prevent individuals from crossing state lines to access abortion care. But there is no guarantee that they will not be prosecuted when re-entering their state, particularly when new investigations show that data brokers are selling Planned Parenthood location information to law enforcement.
The surveillance laws create a quagmire around sensitive data related to reproductive health, and there are no bills currently under consideration by Congress that will protect health data from law enforcement seeking to prosecute abortion-related crimes.
To be clear, the digital privacy bills and health privacy bills under consideration in Congress – the American Data Portability and Protection Act (ADPPA), the My Body My Choice Act and the Fourth Amendment Isn’t For Sale Act – would increase digital privacy rights for all Americans. The first two would minimize data collected by tech firms, allow users to more easily opt-out of data collection, access and delete data held by firms and facilitate transparency on third-party data transfers. Whereas the Fourth Amendment Isn’t for Sale Act would prevent law enforcement from mass purchases of personal data used for surveillance purposes.
Securing data, however, is challenging because it requires technical solutions not currently reflected in digital privacy bills. One security idea would be to treat health data similarly to mobile pay, whereby all information about personal health could be stored on a device and not transmitted to firms. Additionally, lawmakers have the opportunity to establish clear standards for the anonymization of the most sensitive data, even if it affects data analysis, using techniques like differential privacy, which adds statistical noise to datasets.
Companies are responding with support for health privacy and may be able to deny certain data requests or offer certain settings for consumers to turn off sensitive data collection. But without universal digital privacy protections, data collection can easily be hidden from consumers; if one company denies the request, another company might also have the data and disclose it.
Some groups call for deleting apps that help monitor their reproductive health or not using technology if it might provide data for law enforcement. Not only is this bad for businesses, which may be sued for assisting employees with reproductive-related care, but it also may bar people of all genders, including men who may be caught in the crossfire, from the benefits of technology, which is no solution at all.
I am not calling for the end of surveillance for security purposes, but the future of digital privacy policies is uncertain. Pro-choice lawmakers may seek to suggest additional privacy measures, such as the ones touched on here, whereas pro-life lawmakers likely will want to permit law enforcement continued access to company health data.
Passing the new digital privacy bills is an important step in protecting digital privacy in the United States. But the country is entering a new era whereby data collected by beneficial digital tools may now be used for harm. This must inform how we approach data that could be surveilled. In a liberal democracy, women seeking abortion must have the right to use technology to monitor their basic health functions without fear that the data will be used against their own freedom as well as the freedom of their friends and families.
Jordan Shapiro is an economic and data policy analyst at the Progressive Policy Institute.