Data privacy in a post-Roe world
Katherine Mansfield/Observer-Reporter
Planned Parenthood’s female health app Spot On offers users the option of continuing without an account, for extra privacy. Women’s rights advocates and others warned people, especially those living in states with trigger abortion bans, to delete health apps following the overturn of Roe v. Wade in June.
Courtesy of Ridhi Shetty
Ridhi Shetty, policy counsel, privacy and data project, Center for Democracy & Technology, says women and women-identifying persons use health apps to conveniently track their cycles. The data stored to those apps is accessible to third parties, including law enforcement, which is concerning following the overturn of Roe v. Wade in June.
Courtesy of Hanan Hibshi
Dr. Hanan Hibshi is an expert in security, and cautions that everything done online – whether it be a Google search or the use of an app – can be traced and tracked back to the individual. While data privacy has been a hot topic following the overturn of Roe v. Wade, Hibshi said simply weigh the risks of phone, tablet and computer use and do what you feel most comfortable doing online.
Pro-choice advocates took to the streets and messages warning women to delete health apps flooded the internet after news broke that Roe v. Wade was officially overturned.
The Supreme Court handed down its Dobbs decision June 24, enacting abortion trigger bans in 13 states and sparking concerns over digital privacy nationwide.
“These days, we have kind of our entire world on our phones,” said Ridhi Shetty, policy counsel, Privacy & Data Project, Center for Democracy & Technology.
“For instance, if you … need something that’s going to make it really easy for you to take control over your reproductive health, to track, for instance, your periods, track whether you have or have not taken your birth control pill that day, you may really be heavily relying on an app that makes it a lot easier for you than kind of something that you could potentially more easily lose, like a notebook or calendar.”
The tradeoff for information at one’s fingertips is privacy.
“A lot of this data, when it’s being collected (by) commercial entities, it’s not going to be protected,” Shetty said.
When an app is downloaded to a phone or tablet, information is sent and stored somewhere, even if data isn’t saved to the cloud. As long as you’re connected to the internet – and these days, it seems people are always plugged into WiFi – your information is accessible.
Accessible information is always for sale to the highest bidder.
“Sometimes you talk about a topic with a friend and then you find it on your phone. Same with searches: you would search for one item out of curiosity, and then suddenly you get all those ads about that item. The ads are obvious to us because we see them,” said Dr. Hanan Hibshi, assistant teaching professor at the Information Networking Institute at Carnegie Mellon University. “What is not obvious is where the information is going.”
In a post-Roe world, a person’s information could wind up anywhere, with far-reaching and ominous implications.
“Our ads are no longer something cheesy you don’t care about. It gets really personal,” said Hibshi.
In a now-famous 2012 case, a teenage girl purchased pregnancy tests at Target. Shortly after, coupons for pregnancy-related items arrived in the mail before she could plan next steps or inform her father.
Following the overturn of Roe v. Wade, for women trying to access reproductive health care – particularly those living in states like Texas, where the government offers up to $10,000 for information about people seeking or doctors performing abortions – leaked information that’s a nuisance to some may spell fines and imprisonment.
It’s not just information stored to health apps. A simple Google search, or having one’s location “on,” might tip off third parties and law enforcement.
“I might not know what it is that you’re searching for on (a website), but I know you visited the website and that’s metadata. That could give me enough information to figure out that there is an interest on your side in things like that,” explained Hibshi. “If it happens that you visit a café that’s next to an abortion clinic, that tells me something.”
Hibshi said downloading a VPN (virtual private network) makes the internet more secure, and being aware of what apps – including web browsers – know your location can help protect your information.
Corporations are also trying to protect women’s health information. Following the overturn of Roe v. Wade, Flo, a popular cycle tracking app, launched Anonymous Mode.
Anonymous Mode separates personal names, emails and other identifiers from monthly health data, so even if Flo receives an official request to ID a user by name or email, the company cannot comply, it explained in a press release.
“Flo will never share or sell user data, and only collects data when we have a legal basis to do so and when our users have given their informed consent. Any data we do collect is fully encrypted, and this will never change,” Susanne Schumacher, Flo’s Data Protection Officer, said in a news release.
The Berlin-based app Clue, which boasts 12 million users worldwide, also offered assurances to American customers following the Dobbs decision. The company wrote on its website that it operates under the European GDPR, “the world’s strictest data privacy law,” and promised never to allow anyone to use private health data and decisions against its consumers.
Other foreign cycle tracking apps made the rounds on social media, but Hibshi said to proceed with caution.
“The other thing to think about is where are these things hosted? If they are hosted on platforms in the U.S. versus Canada versus Europe versus other parts of the world, laws apply differently. In some countries, there’s no barrier to the government to access whatever they want,” Hibshi said. “Are you comfortable with those foreign governments having access to your data?”
Shetty said she can’t offer the public recommendations for “FemTech” without studying each app, but those that store information locally tend to be more secure.
Apps that allow you to delete your information and do not store information beyond a certain term are also safer, she said.
Planned Parenthood’s Spot On period tracker and birth control app meets that criteria. User data is not sold or shared, and individuals can use the app without creating an account.
“This way, period or birth control data is only saved locally to a person’s phone and can be deleted at any time by deleting Spot On,” Ambreen Molitor, National Director, Product Innovation & Learning at Planned Parenthood Federation of America, said in an emailed statement. “Without an account, there is no personal identifiable information on Spot On’s secure servers.”
Nonprofits’ apps – like Planned Parenthood’s SpotOn – are also more secure, said Hibshi.
“Nonprofits or organizations that are trying to provide cycle trackers with more anonymity are better apps to use than those (that) gather lots of info about you,” she said. “You can look at the history of certain companies and how they do their data sharing, and then judge for yourself if you want to do that or not.”
Individuals using health applications should read privacy policies before agreeing to terms and conditions, but often those policies are so lengthy it’s easier to simply scroll through, check the box and launch the app.
“It really shouldn’t be the consumer’s responsibility to have to prevent their own exploitation of their data. It’s something that companies should really be taking ownership of,” Shetty said. “Essentially, a lot of this is really controlling bodies. It’s controlling bodies through data, controlling them digitally.”
That control extends beyond that of women who may become pregnant.
“For instance, for people of color, especially Black people, they’re already disproportionately surveilled. You add to that a history of health-care discrimination and higher risks of mortality for pregnant Black people who have also been disproportionately criminalized for pregnancy outcomes,” Shetty said. “Think of the adverse economic outcomes that a forced pregnancy would have for low-income people.”
A forced pregnancy may compound existing health-care expenses for disabled individuals, who may forego certain supports to care for a child, Shetty said.
“It also will end up denying gender-affirming care to transgender people and non-binary people who don’t want to be pregnant,” she said.
Leaked or purchased health data could be used in the present to stop individuals from accessing reproductive health care, but there’s no limit to future uses of that information.
“We don’t have evidence of how this is being used, but what does the future hold? It could be used for insurance, health insurance costs, to figure out your rates,” Hibshi said. “Once they track the cycle and maybe see that you’re going through menopause, or your risk for cancer increases, or whatever data correlations they can throw away from your cycle,” insurers can recalculate your premium.
While data privacy and implications of its access sounds dystopian, Hibshi and Shetty agree there are silver linings.
The My Body, My Data Act was introduced in the House of Representatives in June. If passed into law, the act would limit the collection, retention and use of reproductive health data and protect information not covered under HIPPA (like health data on phones or search engines). My Body, My Data would also require more clear-cut explanations by apps and search engines for how information is used, sold and stored and offer consumers the opportunity to access or delete personal data.
“We see efforts both on The Hill to legislate further as well as efforts by agencies to use their existing authorities to … ensure that consumers are being protected in a variety of different forms,” Shetty said.
Security is complex, Hibshi said, conceding the rumors and worst-case scenarios circulating online and in private discussions can be overwhelming.
“I’m not saying to people, go close your phones. What I’m saying is, weigh your risk,” Hibshi said, noting she uses her phone just like everyone else. “If there is something you feel uncomfortable sharing, think twice before you put it into the device. Am I comfortable with this information getting leaked? If I am, then I make that choice. It’s nice to have choices.”
For those living in states that feel more Big Brother than ever, there’s an old-school alternative to health apps.
“The safest option is, of course, to track your cycle some other way,” Hibshi said. “I mean, before cycle tracking apps, we had manual calendars.”