Bandana Saikia

Kosha Doshi

December 14th, 2022

Rethinking Explicit Consent and Intimate Data Collection: The Looming Digital Privacy Concern With Roe v. Wade Overturned

1 comment | 18 shares

Estimated reading time: 10 minutes

Bandana Saikia

Kosha Doshi

December 14th, 2022

Rethinking Explicit Consent and Intimate Data Collection: The Looming Digital Privacy Concern With Roe v. Wade Overturned

1 comment | 18 shares

Estimated reading time: 10 minutes

INTRODUCTION

On 24 June 2022, the United States Supreme Court declared in Dobbs v. Jackson Women’s Health Organization that there is not any constitutional right to abortion, reversing Roe v. Wade and Planned Parenthood of Southeastern Pennsylvania v. Casey—two landmark decisions which had affirmed American’s right to access abortions.

Since the Dobbs decision, there has been much discussion over the widespread use of period tracking apps, which according to a report by Consumer Reports are used by around 50 million women worldwide. It has been cautioned by some advocates that law enforcement in states where abortion is criminalised can and would subpoena the data obtained by these apps to be used as evidence of a terminated pregnancy in an effort to combat self-managed abortions, despite the fact that such abortions are medically identical to miscarriages. Period trackers could, theoretically, share user information with law enforcement if faced with requests.

ABORTION AND PRIVACY RIGHTS IN THE DIGITAL WORLD

It is worth mentioning that the right to privacy and the right to have an abortion are two rights that are intertwined in the legal system of the United States, despite the fact that they may seem to be unrelated at first look. This is because the decision in Roe v. Wade, which was handed down in 1973, states that the right to abortion originates from the constitutional right to privacy that is provided by the due process clause of the Fourteenth Amendment.

It is well-established that the criminalisation of abortion forces women to turn to illegal and frequently dangerous procedures. But in the digital era, restricted access to reproductive care has also bred worries about privacy. Privacy advocates worry that state and local governments may use sensitive information, such as data about menstrual cycles and reproductive health from period-tracking apps, search histories and even text messages to identify and punish women who seek abortions in the wake of the Dobbs ruling. Many of these period tracking applications also work in the AdTech sector and employ business strategies that generate income by selling users’ sensitive information.

The increased criminalisation of reproductive health care has serious ramifications for the lack of robust digital privacy protections for health apps, such as period trackers. In 2019, Privacy International published a study highlighting  how certain popular period tracking applications were sharing the data they acquired with Facebook for advertisement purposes. In a different study, Privacy International requested data from five period tracking applications in order to examine these apps’ adherence to GDPR standards, including the right of access to one’s data and to observe how users’ data was being used and shared. When the researchers tried to access their own data, only two apps responded, and even then, their data was occasionally shared with outside parties. In 2021, a complaint was filed against the widely-used app Flo, alleging that “app events,” or app data shared to third parties for various reasons, had been used to disclose sensitive health information, such as the confirmation of a user’s pregnancy, to third parties. After Dobbs, privacy advocates and women’s rights organisations worry that state officials will now have access to and be free to exploit this data.

These concerns are not unfounded. In one widely reported instance, a Mississippi mother who gave birth to a stillborn child at home was accused of murder because she had looked up abortion medications online. In another instance, prosecutors used a woman’s text messages as evidence that her miscarriage was in fact a self-induced abortion, and she was given a 20-year prison term for feticide. Her conviction was ultimately overturned, but only after she had served three years in prison.

According to a recent investigation by Reveal and The Markup, anti-abortion groups used Facebook’s advertising tools, which collect data from large portions of the internet—including some hospitals—to monitor people seeking abortion services, in spite of Meta’s rules prohibiting the collection of such information. According to the investigation, data gathered by the organisations was also shared with various anti-abortion marketing businesses, allowing them to target advertisements to “abortion-minded women.” While there have been no confirmed cases thus far of period trackers being used in prosecutions of abortions, the data collected by digital health applications, such as period trackers, is potentially subject to subpoena and therefore could be used by law enforcement as evidence of abortion in jurisdictions where the practise is now illegal.

SCOPE OF EXISTING DATA PRIVACY LAWS

Before the Dobbs decision was finalised, lawmakers urged Google and the Federal Trade Commission to guarantee that in the event of such a decision, data for online patients seeking care would be protected. The letters were sent after Politico reported on a draft of the Dobbs ruling that had been leaked, indicating that the Supreme Court was preparing to overturn Roe. In many areas of the United States, a routine, safe medical procedure was swiftly made illegal by the repeal of federal abortion rights, and routine medical information was transformed into evidence that could be used against people who might have had an abortion.

Medical privacy laws in the United states, the most significant of which is the Health Insurance Portability and Accountability Act (HIPAA), do not prevent subpoenas or warrants for medical records data, and as a result, doctors are permitted to reveal medical information if they have reason to believe that a crime has been committed. The majority of patients do not possess their own medical records, and patients have clear ownership rights over their medical records in only one state, New Hampshire. In  other states, the laws expressly state that hospitals or medical providers are the owners of the records, though people must be able to view their own complete medical records in accordance with HIPAA. One could believe that the HIPAA safeguards the medical information of abortion-seeking women. However, the law is deficient in this area, and patients’ privacy is not completely protected.

Experts in health law, Kayte Spector-Bagdady and Michelle Mello, suggested three scenarios where HIPAA would fall short of protecting patients’ privacy. These include using medical records of a patient to prove that they are seeking an abortion, using medical facility records to prove that the medical facility is at fault and using online activity data to prove that a patient is seeking an abortion. US senators recently urged the Department of Human and Health Services (HHS) to address this problem and safeguard patients’ reproductive healthcare information. After that, the HHS Office of Civil Rights published guidance outlining ways that people could protect their health information while using cell phones and tablets. The guidance also advised healthcare professionals that the privacy rule under HIPAA would prevent them from disclosing information about abortion-related incidents unless required to do so by State law. Additionally, it was stated in the guidance that healthcare providers were not required to divulge a patient’s personal health information absent a court order or subpoena from law enforcement. The HHS has been urged by the US senators to take additional action, including using their administrative authority to update the HIPAA privacy rule, identify the covered entities, restrict the circumstances under which these entities may share information about reproductive health or abortion, and make it clear that healthcare information cannot be shared with law enforcement agencies that may be targeting women seeking abortions.

Surprisingly, because they do not qualify as covered companies, period-tracking apps are not subjected to HIPAA regulations, which enables them to freely monetise the data they gather. As a result, many menstrual apps in the US have been found to exchange data with outside parties, and advertisers use information like a user’s desire for a child or desire to avoid having one to display advertisements for fertility or abortion clinics. Thus, the lack of adequate regulations concerning the use of health data by period tracking apps raises serious concerns about users’ digital privacy in the wake of the Dobbs decision.

CONCLUSION

The United States Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization highlights the need for  tech corporations to recognise their own power and the elevated significance of user privacy. We currently live in a world where we leave unparalleled digital fingerprints. The data-sharing tactics of period-tracking apps can exacerbate issues for women and those who procreate, but they can also aid in the diagnosis of diseases, like polycystic ovarian syndrome. Some apps assist in the creation of reports that can be shared with medical practitioners, which makes opting out more difficult and unpleasant, especially for users without access to health insurance or other forms of medical assistance. Today, Protected Health Information (PHI) is gathered, stored, communicated and guarded in quite different ways than it was  when HIPAA was passed more than 25 years ago. As new technological advancements and data storage techniques take hold, providers and patients alike are discovering that HIPAA’s patient privacy protections are less comprehensive than previously believed.

Following are  suggestions in order to address some of the problems with period tracking software collecting personal data:

  • Strengthen the security system: Companies are required to inform the period tracking application users of the security precautions and procedures that will be used to protect their data, which might include conducting compliance reports of the data laws prevailing in the countries where their services are available.
  • Users must also be made aware of any breaches or hacks and provided with information about how much their data has been impacted, which might also include sending data breach notifications to its users.
  • User rights should not be restricted, and data fiduciaries should not have the authority to refuse users’ requests outright.

 

REFERENCE LIST

  1. Michela Moscufo, Parks, M., Jeca Taudte and DiMartino, J. (2022). Period-tracking apps may help prosecute users, advocates fear. [online] ABC News. Available at: https://abcnews.go.com/Health/abortion-advocates-fear-period-tracking-apps-prosecute-abortion/story?id=85925714 [Accessed 28 Nov. 2022].
  2. ‌Rosato, D. (2020). What Your Period Tracker App Knows About You. [online] Consumer Reports. Available at: https://www.consumerreports.org/health-privacy/what-your-period-tracker-app-knows-about-you-a8701683935/ [Accessed 28 Nov. 2022].
  3. ‌Garamvolgyi, F. (2022). Why US women are deleting their period tracking apps. [online] the Guardian. Available at: https://www.theguardian.com/world/2022/jun/28/why-us-woman-are-deleting-their-period-tracking-apps [Accessed 28 Nov. 2022].
  4. ‌Justia Law. (2022). Planned Parenthood of Southeastern Pa. v. Casey, 505 U.S. 833 (1992). [online] Available at: https://supreme.justia.com/cases/federal/us/505/833/ [Accessed 28 Nov. 2022].
  5. ‌Justia Law. (2022). Roe v. Wade, 410 U.S. 113 (1973). [online] Available at: https://supreme.justia.com/cases/federal/us/410/113/ [Accessed 28 Nov. 2022].
  6. ‌SUPREME COURT OF THE UNITED STATES (2021). Dobbs v. Jackson Women’s Health Organization. [online] Available at: https://www.supremecourt.gov/opinions/21pdf/19-1392_6j37.pdf.
  7. ‌Morse, J. (2022). What Is Roe v. Wade ? And Why Experts Think Your Privacy Is At Risk Should It Fall. [online] Mashable India. Available at: https://in.mashable.com/tech/31277/what-is-roe-v-wade-and-why-experts-think-your-privacy-is-at-risk-should-it-fall [Accessed 28 Nov. 2022].
  8. ‌Amnesty International. (2022). Abortion is a human right. [online] Available at: https://www.amnesty.org/en/what-we-do/sexual-and-reproductive-rights/abortion-facts/ [Accessed 28 Nov. 2022].
  9. ‌AP (2022). In a post Roe world Big Tech policies regarding abortion could impact user privacy. [online] Thehindu.com. Available at: https://www.thehindu.com/sci-tech/technology/roe-vs-wade-america-abortion-pregnancy-big-tech-meta-facebook/article65756820.ece [Accessed 28 Nov. 2022].
  10. ‌Alaattinoğlu, D. (2022). Rethinking Explicit Consent and Intimate Data: The Case of Menstruapps. Feminist Legal Studies, [online] 30(2), pp.157–179. doi:10.1007/s10691-021-09486-y.
  11. ‌Privacy International. (2020). No Body’s Business But Mine: How Menstruation Apps Are Sharing Your Data. [online] Available at: https://privacyinternational.org/long-read/3196/no-bodys-business-mine-how-menstruations-apps-are-sharing-your-data [Accessed 28 Nov. 2022].
  12. ‌Privacy International. (2020). We asked five menstruation apps for our data and here is what we found… [online] Available at: https://privacyinternational.org/long-read/4316/we-asked-five-menstruation-apps-our-data-and-here-what-we-found [Accessed 28 Nov. 2022].
  13. ‌GDPR.eu. (2019). Everything you need to know about GDPR compliance – GDPR.eu. [online] Available at: https://gdpr.eu/compliance/ [Accessed 28 Nov. 2022].
  14. ‌Federal Trade Commission. (2021). Health app broke its privacy promises by disclosing intimate details about users. [online] Available at: https://www.ftc.gov/business-guidance/blog/2021/01/health-app-broke-its-privacy-promises-disclosing-intimate-details-about-users [Accessed 28 Nov. 2022].
  15. ‌Malek, L.A., Jain, P. and Song, K. (2022). Pandora’s Box of Data Privacy at Risk With Abortion Ruling. [online] @BLaw. Available at: https://news.bloomberglaw.com/health-law-and-business/pandoras-box-of-data-privacy-at-risk-with-abortion-ruling [Accessed 28 Nov. 2022].
  16. ‌Gal, U. (2022). Post Roe, women in America are right to be concerned about digital surveillance – and it’s not just period-tracking apps. [online] The Conversation. Available at: https://theconversation.com/post-roe-women-in-america-are-right-to-be-concerned-about-digital-surveillance-and-its-not-just-period-tracking-apps-185865 [Accessed 28 Nov. 2022].
  17. ‌Zakrzewski, C., Verma, P. and Parker, C. (2022). Texts, web searches about abortion have been used to prosecute women. [online] Washington Post. Available at: https://www.washingtonpost.com/technology/2022/07/03/abortion-data-privacy-prosecution/ [Accessed 28 Nov. 2022].
  18. ‌Christophe Haubursin (2015). An Indiana woman is facing 20 years in prison for ‘feticide’. [online] Vox. Available at: https://www.vox.com/2015/4/3/8336863/an-indiana-woman-is-facing-20-years-in-prison-for-feticide [Accessed 28 Nov. 2022].
  19. ‌Oldham, G. and Mehrotra, D. (2022). Facebook Enables Anti-Abortion Clinics to Collect Data on Would-Be Patients. [online] Truthout. Available at: https://truthout.org/articles/facebook-enables-anti-abortion-clinics-to-collect-data-on-would-be-patients/ [Accessed 28 Nov. 2022].
  20. ‌Suciu, P. (2022). Facebook Has Been Targeting Users Who Visited Pregnancy Center Sites – How Could That Data Be Used? Forbes. [online] 11 Jul. Available at: https://www.forbes.com/sites/petersuciu/2022/07/10/facebook-has-been-targeting-users-who-visited-pregnancy-center-sites–how-could-that-data-be-used/?sh=104bf3727c53 [Accessed 28 Nov. 2022].
  21. ‌Abrams, A. and Bergengruen, V. (2022). Anti-Abortion Pregnancy Centers Are Collecting Troves of Data That Could Be Weaponized Against Women. [online] Time. Available at: https://time.com/6189528/anti-abortion-pregnancy-centers-collect-data-investigation/ [Accessed 28 Nov. 2022].
  22. ‌Feiner, L. (2022). Democrats urge Google to stop collecting location data that could be used to identify people seeking abortions. [online] CNBC. Available at: https://www.cnbc.com/2022/05/24/google-data-collection-could-endanger-abortion-seekers-say-dems.html [Accessed 28 Nov. 2022].
  23. ‌Feiner, L. (2022). Democratic senators concerned about phone location data being used to track people seeking abortions. [online] CNBC. Available at: https://www.cnbc.com/2022/05/20/democrats-urge-ftc-protect-data-privacy-for-people-seeking-abortions.html [Accessed 28 Nov. 2022].
  24. ‌POLITICO. (2022). Exclusive: Supreme Court has voted to overturn abortion rights, draft opinion shows. [online] Available at: https://www.politico.com/news/2022/05/02/supreme-court-abortion-draft-opinion-00029473 [Accessed 28 Nov. 2022].
  25. ‌Brandom, R., Wetsman, N., Corin Faife and Mary Beth Griggs (2022). The biggest privacy risks in seeking abortion care in post-Roe America. [online] The Verge. Available at: https://www.theverge.com/23185081/abortion-data-privacy-roe-v-wade-dobbs-surveillance-period-tracking [Accessed 28 Nov. 2022].
  26. ‌HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996. (1996). [online] Available at: https://www.govinfo.gov/content/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf.
  27. ‌Healthinfolaw.org. (2012). Who Owns Medical Records: 50 State Comparison | Health Information & the Law. [online] Available at: http://www.healthinfolaw.org/comparative-analysis/who-owns-medical-records-50-state-comparison [Accessed 28 Nov. 2022].
  28. ‌Spector-Bagdady, K. (2021). Governing secondary research use of health data and specimens: the inequitable distribution of regulatory burden between federally funded and industry research. Journal of Law and the Biosciences, [online] 8(1). doi:10.1093/jlb/lsab008.
  29. ‌HHS.gov. (2022). U.S. Department of Health & Human Services (HHS). [online] Available at: https://www.hhs.gov/ [Accessed 28 Nov. 2022].
  30. ‌Office (2022). HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care. [online] HHS.gov. Available at: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi-reproductive-health/index.html [Accessed 28 Nov. 2022].

About the author

Bandana Saikia

A fourth-year B.A LL.B (H.) student at Symbiosis Law School in Pune, India. Her primary areas of interest include Anti- Competition Law, Cyber Law, Data Protection, E-commerce, Intellectual Property Rights, and TMT.

Kosha Doshi

A fourth-year of B.A LL.B (H.) student at Symbiosis Law School in Pune, India. Her primary areas of interest include AI, Cyber Security, Data Infrastructure, Fintech, and TMT.

Posted In: Technology

1 Comments