When law enforcement authorities demand personal data belonging to those suspected of getting an abortion, tech firms will likely hand it over.
Why it matters: Companies like Google and Facebook collect enormous volumes of personal data, including information about where we've been, what we've bought, who we've talked to and what we've said. States that have made abortion a crime are making anyone who miscarries a potential target for a police data demand.
The big picture: The companies aren't directly answering questions about how they will respond to such inquiries now that the U.S. Supreme Court is letting states outlaw abortion.
Yes, but: The firms' privacy policies and past conduct answer the question clearly: They may contest what they view as overly broad data requests, but generally they will cooperate with criminal investigations.
What's at stake: Period-tracking apps have drawn attention, for obvious reasons, but the potentially relevant data is far wider — everything from Amazon purchase data to Google search queries, and location data from cell carriers to messaging data from e-mail and chat providers.
How it works: Law enforcement already seeks access to location data, content, usernames, browser history and other online activity from tech companies through warrants or subpoenas.
- Now, they will seek that same information in connection with abortion investigations in states that have criminalized it, India McKinney, director of federal affairs for the Electronic Frontier Foundation, told Axios.
Driving the news: The Big Tech platforms haven't rushed to clarify how they will handle legal requests related to abortion prosecutions since the Dobbs decision on Friday. They were similarly silent when Axios posed the question after a draft ruling leaked in May.
- But policies for the companies — including Apple, Google and Meta (Facebook) — clearly lay out how they handle such data requests.
- "Like other technology and communications companies, Google regularly receives requests from governments and courts around the world to disclose user data," the company says in its privacy policy. "Our legal team reviews each and every request, regardless of type, and we frequently push back when a request appears to be overly broad or doesn’t follow the correct process."
Between the lines: There are a couple of reasons that companies are unlikely to confirm their plans and procedures.
- The questions remain largely hypothetical for the moment, and there isn't much to be gained from tipping their hands.
- Also, no company wants to prompt a headline saying that it intends to hand over personal data.
The intrigue: Law enforcement does not necessarily need a warrant to obtain some online information because it is sold by data brokers.
- "Even though the government could get a court order or a subpoena or a warrant to access data, at the moment, there are so many different channels for it to do so without going through that legal process," Caitlin Chin, a fellow at the Center for Strategic and International Studies, told Axios.
Our thought bubble: The post-Roe world will drive every tech company to review the volume of data they are collecting and ask whether they need it, how it could be harmful, and how long they want to hold it.
- Data minimization, already a trend and a principle espoused in the EU, becomes all the more important in the context of an increased volume of government requests aimed at enforcing laws that are opposed by a majority of the population.
- Apple has been the loudest advocate among large tech companies for limiting its own access to customer data. Google, which relies much more on data-driven ads, has also taken significant steps in recent years to make it easier to delete certain data.
- "As long as the companies are collecting that data, and storing that data, they're going to keep getting subpoenaed," the EFF's McKinney said.
Another twist: Without clear standards for personal control of data, many people will simply delete period-tracking apps or think twice about seeking out health information online — at the moment that the change in laws makes access to reliable personal health data more urgent than ever.
- "I think that people may cut themselves off from access to important reproductive health information that they need because of these privacy concerns," Chin said.
What's next: Activists are encouraging tech companies to take a fresh look at products they have in development to imagine the types of data they might generate and how that data could be used against a customer's interest by an intrusive government.
- "Privacy is a time-shifted risk, meaning, what is convenient and risk-free today can have devastating consequences tomorrow," Human Rights Watch's Frederike Kaltheuner wrote after Friday's ruling. "We should design the technologies we depend on in ways that protect us — no matter the political climate."