Tech companies are scrambling to adjust their data privacy practices in response to Supreme Court overturned decision Roe v Wade And the subsequent criminalization of abortion in several states as the wider public realized the data these services collected could be used to prosecute people seeking abortions. For example, Google recently announced that it will automatically delete location data if people visit medical facilities, including abortion clinics (it still collects it, of course). Period tracking app Flo is introducing an “incognito mode” that should let users remove any identifying information from their profiles.
If you’ve never been so concerned about how and why you’re constantly being watched online, you probably have a lot of questions now about how all of this works – especially when it comes to reproductive health data and what data can be used against you. We’ve answered some of those questions here, from how scared you should be of period apps to what you can do to protect your private life… by all means, do as much as you can.
Should I delete my period app?
This seems to be the biggest question people have about online privacy roe reverse. The short answer is: yes. If you want to keep your reproductive health and menstrual data private – especially if you’re concerned it could become part of a criminal investigation – don’t put it in the app.
The longer answer is that when it comes to online privacy and health privacy, removing a period tracker app is like taking a teaspoon of water out of the ocean. The current anxiety about period apps is understandable given the purpose they serve. But this is also short-sighted. There are countless more efficient ways for interested parties to track your pregnancy status (expected parents buy a lot, so knowing when someone is pregnant and targeting them with ads can be lucrative) and law enforcement can do so much more, If they are investigating whether you have an abortion in a state where it is illegal (more on that later). Period tracker app data will only tell them so much, and only the information you provide.
As the draft comments indicate roe The leak will be reversed in May, and during a time when apps are likely to be more scrutinized than ever, many of them are scrambling to assure users that their data is safe, or that they are implementing additional protections. While some period trackers are better than others, the only way to ensure that no one can get any information about you from a period app is to not use them at all.
Are there other ways to track my period more securely than a period app?
Yes. People have been menstruating for as long as people have existed. Times apps, smartphones, and even the internet have only been around for a fraction of the time. If you track your cycles on a paper calendar, that data isn’t sent to third parties or stored in some companies’ clouds for law enforcement access. Digital calendars also exist, such as Google’s Calendar and Apple’s iCal. You might feel better about these because they’re not designed for period tracking, and Google and Apple don’t send your data to third parties like some of these period apps do. But that doesn’t mean the data is fully protected, as I’ll explain later.
You can also use apps that don’t upload your information to the cloud, as Consumer Reports recommends. If someone takes control of the device it’s on, the data can still be accessed, but the same goes for paper calendars.
OK, I deleted my period app. I now have abortion data ready, right?
It’s understandable why people pay attention to period apps. They specialize in reproductive health, and removing an app gives people a seemingly quick and easy solution and a sense of agency. But the truth is that when it comes to online privacy and abortion, period tracker apps are pretty low on your list of things to worry about. You can delete an app, but that doesn’t make the entire ecosystem built on knowing as much about you disappear. If abortion is illegal where you live and law enforcement is investigating your possible access to one, even the most privacy-conscious companies could be forced to give law enforcement any data they have about you. You may also be forced to give them any data you have.
Let’s look at Google, because it probably has more data about you than anyone else. Google knows a lot about you based on which services you use (or which apps you use or the websites you visit), such as where you go, what you search for on the internet, the websites you visit, your Emails you send and receive, text messages you send, and photos you take. Google doesn’t necessarily want to share this data with anyone else, because being its sole owner is one of Google’s competitive advantages. It won’t give it to, say, an anti-abortion group that wants to weaponize it.
Every other company will have a version of this clause. Even Apple, which has a reputation for privacy, provides data to police if forced to do so. When it refused to help the FBI access iPhones suspected to be owned by terrorists, it was because Apple did not install backdoors in its devices and would not create them.But any data that these people upload to iCloud, like backups of these devices — which is data Apple owns — it did supply.
Google, for what it’s worth, has responded roe The news broke by announcing that it would automatically delete location data around certain places, such as abortion or fertility clinics. That should mean the police can’t get it because they don’t have anything to get. But they can still find plenty of potentially incriminating evidence.
What are the chances that law enforcement will actually do this?
We don’t know if and how law enforcement goes after people seeking abortions, but we do know how they obtain and use data to go after others. They include a woman who allegedly killed her baby after it was born, and another who was accused of intentionally inducing labor. In these cases, texts, web searches and emails obtained from the women’s own phones were used as evidence against them. There’s no indication that police wouldn’t do so when investigating people suspected of obtaining now-illegal abortions.
What about the data available to NGOs?
when. . .when roe Reversing the decision to leak first, there are several stories showing how much of your data is in the hands of random data brokers and how easily that data falls into the hands of others. This data is “de-identified”, but based on the data collected and shared, it is possible to re-identify someone from it. Last year, for example, a pastor was exposed by data from Grindr. (An important caveat: While the publication that exposed him said the data it used was “commercially available,” it never said it obtained it through purchases.)
Frankly, the chances of a private group buying the data and being able to figure out you had an abortion and who you are are pretty slim. If abortion is illegal where you live, then what you have to worry about is who has access to more specific and sensitive data – the police. But nothing is impossible, especially when our vast amounts of data are sent to so many places.
Is my medical information not protected by HIPAA?
Probably not as much as you think. First, not every medical or health-related service is covered by HIPAA. These pro-abortion pregnancy centers collect large amounts of sensitive, reproductive health-specific data, and even if they perform medical procedures, and even if they cite HIPAA in their privacy policies, they may not be subject to HIPAA’s privacy rules.
However, suppose you see that a provider is a protected entity. Well, yes, your health information is protected. Unless you have broken the law, in which case the police may have access to these records or some details of them.The Department of Health and Human Services, which enforces HIPAA, recently issued new guidance on reproductive health care disclosures in response to roe Reversing, emphasizing that such disclosures can only be made in very specific circumstances.
How to protect my data? What about privacy apps like Signal?
Likewise, what data enforcement or data brokers can get from you depends on what you give them. Google can only hand over what it has to the police. Services like Signal and Proton, which use end-to-end encryption and don’t store your data, can’t give the police any information, no matter how many search warrants they receive. But if you have this data on your device and the police can access it, all the end-to-end encryption in the world won’t save you. That’s why Signal offers a feature called Disappearing Messages that will permanently delete messages in a chat after a set amount of time per device in the chat.
There are also steps you can take to prevent your data from being collected, but these may involve more steps and technical knowledge than you are willing or know how to do. This is especially true if you’re just having a sudden need for privacy and you have other things to worry about (such as dealing with an unwanted pregnancy).
This means that your best bet is to read and become familiar with these measures now, when you have the time and emotional bandwidth to figure out what you can and want to do and practice incorporating them into your daily life. Some of these may not be as difficult or accessible as you might think, especially when you do it so often that they become automated.
The Verge recently published some good and clear advice. The Electronic Frontier Foundation has a guide. Gizmodo’s privacy how-to guide tells you everything you can do and why. In a world with little privacy protection and an economy based on sneaky data collection, nothing is foolproof, but you can take these steps to significantly reduce your data exposure.
What else can I do?
The best privacy protection our government has yet to offer us: data privacy laws.This roe The reversal makes the consequences of not having them clearer than ever, and lawmakers have introduced health data-specific bills in the Senate and House in response to the decision.You can urge your representatives to support and push for the passage of these bills, as well as some of the wider consumer Privacy Act Already launched (or reportedly coming soon). These could limit what data companies can share or sell to other companies, or even what data they can collect in the first place.