In light of the Supreme Court decision to overturn Roe v. Wade, a 1973 decision that protected the right to abortion under the U.S. Constitution, many have begun to assess digital privacy as it relates to reproductive rights.
The 6-3 ruling was announced Friday, June 24, and nearly half of the states in the U.S. have already indicated they will move to ban abortion. With the rise of surveillance culture, as well as apps that collect personal information about menstrual cycles, fertility, and those that track our location, how mindful should people be during this time?
According to Vice, in an article that warns of the potential to dox abortion clinics or individuals traveling to an abortion clinic, a company called SafeGraph is selling location data of groups of devices that visit Planned Parenthood locations. For anyone who wants to acquire this data, the cost is $160 for a week’s worth of location info, which includes where users came from, how long they were at Planned Parenthood, and where they went afterward.
The same company sold data to the CDC for $42,000 for “Covid-19 and non-Covid-19 use.” Safegraph stores location data on 600 Planned Parenthood locations as well as other Family Planning Centers. Some of these locations offer abortion services.
Other types of apps, such as weather apps, may also store and send users’ location data to third-party apps. The datasets are anonymized, but Vice points to this article, which examines the ability to identify individuals through aggregate data.
This calls to mind the instance in 2016 when a Boston advertising exec used mobile geo-fencing to send anti-choice propaganda to women in abortion clinic waiting rooms.
The privacy policies of both paid and free period-tracking apps contain a clause that they have to abide by government jurisdiction. Beyond the awareness of apps sharing user data, with period-tracking apps, users may be concerned that apps share data with law enforcement that indicate whether or not someone has had an abortion.
Used by a third of people in the U.S. who have periods, these highly personalized tools collect a variety of health information, which could theoretically be used to determine whether or not a user is or was pregnant. It is critical that users understand how these apps use and profit from the data they store and, especially, with whom that data is shared.
In the wake of overturning Roe v. Wade, some period-tracking apps have released statements about user privacy. Clue, a European company and one of the more popular period-tracking apps, including in the US, now links to an article on their app explaining how their data is collected and used.
They write, “we understand that many of our American users are worried that their tracked data could be used against them by US prosecutors. It is important to understand that European law protects our community’s sensitive health data.” According to the article, the European law covers US users, and law enforcement cannot subpoena US users’ health data from the app. They do not sell data to any third parties, and if data is used for scientific purposes, it is anonymized.
Tech culture site Input recently reached out to 12 different period-tracking apps to ask them about their privacy policies. When asked if they would hand over user data to authorities, the app Period Plus said, “We would have nothing to hand over, other than some analytics like a number of downloads of the app each day or how many people used the app in a given time period.” Natural Cycles said they are working on rewriting their app altogether so that not even the developers can identify users. The apps Ovia Health, Flo, Lady Timer, FitrWoman, and My Calendar did not respond to Input’s questions.
Concerns over privacy and apps that track periods are not new. It’s known that many of these apps sell data to advertisers, and as Consumer Report found, this data can be used against employees and result in workplace discrimination on the basis of health and pregnancy status. The same article reports that the popular Ovia fertility app shares data with users’ insurers and (if prompted to consent to this) employers who use care management teams.
As Ovia states in their privacy FAQ, “Ovia provides a summary of the health data you have tracked in Ovia apps to health insurers.”
It’s also been well-documented that Flo, a healthcare app that had 100 million users in 2021, handed over user data to Google and Facebook for targeted marketing purposes.
While the California Consumer Privacy Act (CCPA) states that all data sharing by companies must be disclosed, that law and others like it are new, and compliance is far from universal. Meanwhile, a 2021 New York Times article states: “From 2016 to 2019, the company behind Flo, which was founded in 2015, passed on certain intimate health details of its users to marketing and analytics companies like Facebook and Google.”
The Federal Trade Commission (FTC) filed a complaint in January, claiming it had reason to believe Flo misled its users about its data-sharing practices. However, Flo and Google have said the information was not used for advertising, and Facebook did not respond to a request for comment.
Additionally, information stored in apps that make “general wellness” claims, i.e. meditation and even period-tracking apps, is not covered under HIPAA (the federal law protecting patient health info).
As activist and author Elizabeth C. McLaughlin summed up in a series of Tweets urging period-tracker users to delete their apps immediately:
“If you think that your data showing when you last menstruated isn’t of interest to those who are about to outlaw abortion, whew do I have a wakeup call for YOU. Combine that with location tracking information and when you last menstruated and where you are seeking healthcare and you have a target on your back.”
Do your research on the apps you use. Read privacy policies to learn how and why your data is shared and with whom, and whether it is anonymized. Per the CCPA, all data sharing by apps needs to be disclosed with users, and users can opt out of any “sale” of their data, which is not limited to an exchange of that data for money. Use privacy notifications from Apple and other companies to make informed decisions about which apps to use.
Turn off your location data when not absolutely necessary. As a general practice, turning off location data both on individual apps and on your smartphone can be an easy defense against unnecessary tracking and potential privacy violations.
Pay for apps that protect your data. Remember the golden rule: If you’re not paying for the product, you are the product. A minimal subscription fee for an app is well worth it if the company takes time to protect your private information. However, you still need to read the fine print; paying for an app does not mean the provider won’t sell or share your data.
Protect yourself and others during rallies. For most pro-choice supporters, posting the likeness of themselves or others during protests and marches on social media is a no-no. Concealing their identity is a means to evade surveillance and retaliation, and even arrest. For some, being recognized at a protest poses a risk to their employment as well. One way participants can protect their privacy and preserve anonymity is to conceal their identities in public. Ways to do this include covering recognizable tattoos and wearing face masks and sunglasses.
In general, being mindful about the tech you use and remembering not to share the personal information of others who might also use these services or attend protests, are effective ways to protect yourself and your community against anyone seeking to collect and misuse this data.
Understanding how to maintain your digital privacy—and helping loved ones understand as well—continues to be crucial in this age of surveillance and data collecting. In the wake of Roe v. Wade being overturned, mindfulness about what information is being gathered by phone apps and location settings is a key piece of that.