As supporters and opponents of abortion rights continue to parse the leaked draft ruling obtained by Politico this week, one of the many questions that come up is what the overturning of Roe v. Wade, and stricter anti-abortion laws, would mean for our lives online.
Technology plays a major role in connecting people with reproductive health services, but if those now-legal options become illegal in a post-Roe environment, will those online interactions remain private?
It’s a topic for “Quality Assurance,” where we take a second look at a big tech story. I spoke with Evan Greer, director at the digital rights advocacy group Fight for the Future. The following is an edited transcript of our conversation.
Evan Greer: We’re using apps or online services to track everything from our health information to where our kids are. And all of that data is often being bought and sold and shared around. People do need to understand that the data that they share with a company, like a menstrual tracking app or something like that, doesn’t necessarily stay with that company. And so from my perspective, this is why Congress needs to pass a data-privacy law, like, yesterday.
Kimberly Adams: Let’s just say I’m using a period tracking app and I also want to renew a prescription for my birth control, or something like that. How does digital surveillance factor into that, and who might have access to that data?
Greer: Most apps that you’re sharing that type of data with are storing it in the cloud. And if they receive a subpoena, they would have to hand that information over to a law enforcement agency.
Adams: What about technology like geofencing, or location-based services that might find out where somebody is to target them for services or even to track them? How do they play into this discussion around digital privacy and reproductive rights?
Greer: First and foremost, any business, certainly, should be able to publicize their location and have it show up on maps or other search functionality. You don’t need to pinpoint a user’s location in order to do that, or certainly not in kind of a data-broker manner where that information is being bought and sold. So I would argue that that use of commercial geofencing in terms of a dragnet knowing where people are, or purchasing cellphone location data, should be outlawed entirely because it comes with such an enormous potential for abuse. But I do think we need to recognize that there is a trade-off here. And that we may need to accept that some services might need to be a little bit less useful or a little bit less convenient in order to safeguard our privacy and human rights for the future.
Adams: Right now, there are four states that have digital privacy laws. Congress has not passed one as of yet. What do you think needs to be in a nationwide digital privacy law?
Greer: I think this situation that we’re in actually exposes the kind of predominant framework for privacy that’s been pushed by the industry, of notice and consent, is wholly insufficient. Someone last week might have given their consent to an app to collect certain types of data, not thinking that their activities could be criminalized. And if in the near future, suddenly their activities are criminalized, that consent didn’t really mean a lot because they consented to it not knowing what the potential risks are with allowing that private company to collect incredibly sensitive information. It’s simply a less safe world when we have private companies collecting and harvesting and storing so much sensitive personal information about our lives. So from our perspective, what we need is laws. Rather than just creating another check box that you have to check in order to use a service, we need to create laws that simply ban abusive collection and use of data. Companies shouldn’t be able to collect more data on you than they need to provide you with the service that you’ve requested.
Adams: What general tips do you have for people who want to improve their digital privacy on their own, given the lack of national regulation?
Greer: The top tips that I always recommend are for folks to make sure you have a strong and long passcode on your phone and your computer, and to get a password manager so that you’re not using the same password for all of your accounts. And if you’re sitting on a couple 100,000 emails and you’re a reproductive health advocacy group, maybe you don’t need to be retaining all of that information and creating a huge trove that could be accessed through a subpoena or through law enforcement. And then, the last thing I’d say is for people who need to search for information online, you could use a more privacy-conscious search engine that does not store data about your searches. And you could use a [virtual private network] to make it more difficult for your internet service provider to know what websites you’re going to because that’s information that they can and will share with law enforcement if given a legal request.
Related links: More insight from Kimberly Adams
Greer posted more general tips for managing your online privacy in a recent Twitter thread. And she also points to a more detailed guide from the Electronic Frontier Foundation. That guide includes information on how to limit your data sharing on social networks and how to use encrypted messaging platforms for smartphone communication.
Several news organizations have looked at the privacy settings on some of those period-tracking apps Greer mentioned. A TechCrunch article includes a response from the menstruation tracking app Flo, which has come under fire for privacy concerns. Regarding this latest news, the company told TechCrunch that Flo would not share users’ data with third parties.
Also, the news site Protocol highlights concerns that states with strong anti-abortion laws could sue apps to demand information about their users, potentially revealing if someone violated abortion laws.
We reached out to the menstrual tracking app Clue to see how it was thinking about its users’ digital privacy in light of the recent news. The company said:
“We have received messages from users concerned about how their data could be used by US courts if Roe vs Wade is overturned. We completely understand this anxiety, and we want to reassure you that your health data, particularly any data you track in Clue about pregnancies, pregnancy loss or abortion, is kept private and safe.
“Keeping Clue users’ sensitive data safe is fundamental to our mission of self-empowerment, and it is fundamental to our business model, too – because that depends on earning our community’s trust. In addition, as a European company, Clue is obligated under European law (the General Data Protection Regulation, GDPR) to apply special protections to our users’ reproductive health data. We will not disclose it.”