A leaked draft decision indicating the Supreme Court intends to overturn abortion rights has put a glaring spotlight on how the tech industry’s rampant data collection on American consumers could be weaponized in surveilling and criminalizing women who seek abortions.
The potential risks have added fuel to the efforts of some Democrats in the House and Senate to finally pass federal privacy legislation that could set up some guardrails against the digital surveillance of women’s personal health.
“It’s important that people are aware of the information that’s out there that isn’t protected today, and what the risks are to consumers and, in particular, the huge concerns and risks that would be in place for women if the Supreme Court moves forward and we don’t protect their personal information,” Rep. Suzan DelBene, D-Wash., told CyberScoop.
DelBene has introduced several pieces of privacy-related legislation, including the Information Transparency and Personal Data Control Act.
“It’s critically important that we get legislation finalized,” DelBene said.
DelBene isn’t alone in using the threat to reproductive rights to try to mobilize colleagues in pushing past a years-long plateau in passing federal privacy legislation.
“Congress has to get serious about putting in place baseline privacy protections,” Sen. Ron Wyden, D-Ore., said at an Aspen Digital event Wednesday. “Reducing the amount of sensitive data that companies collect … will make it harder for radical right-wing prosecutors to sift through private records [to] control women’s private decisions.”
In addition to supporting consumer privacy legislation, Wyden has introduced legislation that would ban law enforcement from being able to purchase consumer data from a sprawling data broker industry, a significant loophole that law enforcement can now use to skirt the warrant process. Wyden said Wednesday that he had been in bipartisan discussions about the legislation as recently as that afternoon.
“In a world where extremists make abortion illegal that goes straight to a five-alarm crisis,” Wyden said of the data broker industry.
The risks aren’t hypothetical. Prosecutors in states including Indiana and Mississippi have used data including search history and text messages in cases related to the criminalization of abortion as far back as 2015.
Data-driven policing tools don’t stop there. Geofence warrants, which allow law enforcement to request the data of all active mobile devices within a particular area, have skyrocketed in use.
It’s not just law enforcement that can access such invasive data. A booming industry of commercial data brokers makes it so that all it takes to purchase sensitive location data of individuals who have visited a Planned Parenthood or a mosque.
Privacy is privacy
The connection between privacy and abortion rights isn’t a new one, including for the courts. While the Constitution doesn’t specifically mention privacy, the Supreme Court has time and time again pointed to the right to privacy in some of its most monumental decisions.
“Most of our privacy rights have been determined in the courts,” explained Tiffany Li, assistant professor of law at the University of New Hampshire Law. Under the Fourth Amendment, courts have weighed the scope of privacy protections for not just abortion, but the right to contraception, the right to same-sex marriage and also interracial marriage.
As data collection and surveillance has exploded thanks to technological advances, the threats to privacy have become more complicated.
“Folks tend to differentiate bodily autonomy quite a bit from data privacy but in truth, they’re one and the same,” said privacy attorney Katelyn Ringrose. “You can’t get that without having privacy with your own data.”
Ringrose isn’t alone in making the connection. She, alongside more than 30 other female privacy professionals, made that very argument in a letter earlier this month calling on Congress to codify abortion rights and legislate against data brokers.
A test for states
A post-Roe world could also pose a test to the growing patchwork of states with their own privacy laws. States like California, which offers strong consumer privacy protections, and Illinois, which has a biometric privacy law, could provide women with some additional protections that might ultimately be stronger than any federal legislation Congress passes.
California also presents a model for how states can take other steps to protect abortion data. State legislators introduced a bill earlier this year that would prohibit health care providers from releasing abortion-related data in response to a request from another state that interferes with California’s abortion protections.
Relying on a patchwork of state privacy laws, however, is a gamble that could still leave millions of American women unprotected.
“None of the state laws are sufficient to protect people against the things that we’re worried about,” said Hayley Tsukayama, a senior legislative activist at the Electronic Frontier Foundation.
And while strong consumer privacy laws could preempt some data collection before it can be weaponized, they wouldn’t completely eliminate law enforcement access to digital evidence.
“The fact that the law enforcement agencies can get data even outside of the warrant process presents a huge range of risk for a lot of people,” said Li.
Ultimately, the most significant privacy law that Congress can pass in response to fears of digital abortion surveillance is the right to abortion access, privacy experts say.
“We need federal legislation to codify [Roe v] Wade and we need federal legislation that protects information privacy,” said Ringrose.