The end of federal protections for abortion access is expected to trigger laws in more than a dozen states criminalising abortion care, with lengthy prison sentences and heavy fines aimed at providers and others who “aid and abet” an abortion, in some cases.
A decision handed down on 24 June by the US Supreme Court to overturn the 1973 ruling in Roe v Wade will have far-reaching consequences – including how law enforcement agencies use surveillance and sensitive personal data to identify and prosecute criminal anti-abortion cases.
Vice President Kamala Harris said she fears states that want to criminalise abortion care could subpoena patients’ personal data, including menstrual-tracking apps and search engine results for abortion clinics.
In a meeting with legal experts about threats to privacy protections in the wake of the Supreme Court ruling, the vice president said she fears the “vulnerability of women who are using menstrual-tracking apps, those who use a search engine to find certain locations or certain help … and how vulnerable those searches will be to bad actors attempting to track their history, much less any government forces that may be interested in investigating that for whatever purpose.”
Legislation in Congress would block intimate data gathered on smartphones – including, more broadly, location data – from getting into the hands of the companies that collect them and the companies that want to buy them.
A bill from California Congresswoman Sara Jacobs would strictly limit the sexual health data that companies can collect, retain and disclose, while a sweeping proposal from Senator Elizabeth Warren would ban data brokers from selling or transferring location and health data.
Last month, Senator Warren and a group of 13 senators criticised two data brokers for collecting and selling phone-based location data from people who traveled to abortion clinics.
One of those firms, Placer.ai, offered access to reams of data on its website showing approximately where people who have visited Planned Parenthood clinics live. The firm’s cache and related data only was removed after an inquiry from Motherboard.
Another location data company, SafeGraph, also blocked the sale of its data after reporting from Motherboard revealed that the company sold aggregated location data from people who visited Planned Parenthood facilities.
Anti-abortion activists have already relied on surveillance methods to track patients and providers, using methods like license-plate tracking and cameras outside clinics. At least one state also has reviewed sensitive patient information gathered from clinics; in 2019, Missouri’s top health official testified that the state mined detailed personal information from Planned Parenthood – including reviewing patients’ menstrual cycles, medical identification numbers, dates of procedures and the gestational ages of fetuses. Patient names were not included.
Legal analysts and abortion rights advocates have warned that the availability of location data harvested from smartphones could be exploited by anti-abortion activists and law enforcement.
The group of senators warned that such data could be used to pursue so-called “bounties” in states that have effectively deputised citizens to sue abortion providers, with cash judgments awarding plaintiffs thousands of dollars plus legal fees.
“These and other practices targeting women seeking necessary health care services are almost certain to escalate if Roe v Wade is gutted and abortion is criminalised instantly in states across the nation,” the senators wrote to data firms. “Under these circumstances, [your company’s] decision to sell data that allowed any buying customer to determine the locations of people seeking abortion services was simply unconscionable, risking the safety and security of women everywhere.”
A group of Democratic senators also wrote to Google’s chief executive officer Sundar Pichai, urging the company to “stop unnecessarily collecting and retaining customer location data, to prevent that information from being used by right-wing prosecutors to identify people who have obtained abortions.”
Law enforcement routinely has relied on location data for criminal investigations; in 2020, the company received nearly 12,000 requests from law enforcement agencies seeking so-called “geofence” data that reveals location data at a given time, according to reports published by Google and reviewed by senators.
Google’s decision to maintain location data “is creating a new digital divide, in which privacy and security are made a luxury,” according to the senators, pointing to Apple’s data restrictions. “Americans who can afford an iPhone have greater privacy from government surveillance of their movements than the tens of millions Americans using Android devices.”
An investigation by Reveal from The Center for Investigative Reporting and The Markup also found that Facebook has collected data from people who visit the websites of so-called crisis pregnancy centres, nonmedical facilities intended to dissaude people seeking an abortion.
Meta, Facebook’s parent company, prohibits websites and apps that use the company’s advertising tools from sending Facebook “sexual and reproductive health” user data, but the investigation found that Facebook’s code was discovered on the websites of hundreds of anti-abortion clinics.
Several district attorneys have told The Independent that they will not prosecute people seeking abortion care or who provide abortions, should state laws criminalising care go into effect without Roe, let alone issue subpoenas for sensitive data in anti-abortion cases.
“It doesn’t make sense to spend our time and energy thinking about how one might do that,” Travis County District Attorney Jose Garza told The Independent.
“But I think those fears and concerns are incredibly legitimate,” he said. “I think the implications for law enforcement, using their authority, in that way would deeply undermine core democratic principles.”
Senator Warren and a group of senators proposed sweeping legislation that would ban firms from selling or transferring location and health data, warning that the sale of such data poses “serious risks to Americans everywhere.”
“With this extremist Supreme Court poised to overturn Roe v Wade and states seeking to criminalise essential health care, it is more crucial than ever for Congress to protect consumers’ sensitive data,” she said in a statement on 15 June.
The Health and Location Protection Act would be enforced by the Federal Trade Commission and state attorneys general, as well as people impacted by the sale of such data, who would be empowered to sue companies who violated the law.
“Health and location data are incredibly sensitive and can be used for a range of harms, from profiling and exploiting consumers to spying on citizens without warrants to carrying out stalking and violence,” said Justin Sherman, a researcher with the Data Brokerage Project at Duke University’s Sanford School of Public Policy.
The My Body My Data Act from US Rep Sara Jacobs would strictly limit which sexual health data can be “collected, retained, used, or disclosed” to only what is necessary to use the product.
It also aims to protect such data that is not currently covered under the Health Insurance Portability and Accountability Act, a federal law protecting sensitive patient information from being disclosed without the patient’s consent.
“Since the Supreme Court leak, I’ve heard from so many people who are panicked about their personal reproductive health data falling into the wrong hands,” the congresswoman said in a statement.
The bill would “protect that information, protect our privacy, and reaffirm our rights to make our own decisions about our bodies,” she said. “As a young woman, reproductive health care is my health care. And like tens of millions of Americans, I’ve used period-tracking apps to help manage my reproductive health. It’s unconscionable that information could be turned over to the government or sold to the highest bidder and weaponised against us.”
This story was originally published on 16 June and has been updated