When you visit a reproductive health clinic or have a telehealth meeting online with a doctor in the United States, the medical professionals you interact with are generally prohibited from sharing your health data without permission. But that privacy doesn’t extend to everyone keeping an eye on your activities – like your phone, the apps you use, or even your car’s location mapping tools. For them, personal data about your health is just another commodity – and through companies known as “data brokers” it’s for sale to the highest bidder, including the police. That needs to change.
In the wake of the Supreme Court decision in Dobbs v. Jackson Women’s Health Organization, millions are living under the specter of surveillance and criminalization for seeking, assisting with, or providing abortion care. The dangers that electronic surveillance poses to reproductive health privacy are daunting. Cell phone location data can reveal visits to clinics; last October, Idaho police used geolocation records stored on a phone to track a visit to a Planned Parenthood in Oregon. Communications metadata that logs who we call and text – the type of records recently stolen from over 100 million AT&T users – can reveal when a pregnant person receives abortion care. Web browsing data can show efforts to obtain reproductive health information, find clinics, and purchase medication abortion pills.
Sensitive personal records have already been used to prosecute reproductive health activities and adverse pregnancy outcomes like stillbirths and miscarriages. It’s time to fix the gaps in our nation’s privacy laws that allow people’s health-related information to be recklessly bought and sold.
Right now, state authorities may be able to weaponize a range of criminal statutes to investigate and prosecute pregnant people and others who help facilitate their reproductive care. Some states also allow, or are considering legislation that would allow, private citizens to sue people for “aiding and abetting an abortion.” As pregnant people increasingly rely on telemedicine and out-of-state travel for abortion care, they may face investigations and litigation even when the care they seek is lawful in the state where it’s provided. Digital information will be at the heart of such cases, as investigators and prosecutors look to online purchase histories, people’s location data, and more. These tactics will compound the harm that low-income, Black, and brown women – who are disproportionately subjected to both police over-surveillance and to criminal proceedings for their reproductive health care and pregnancies – have already experienced.
Given these risks, it’s encouraging to see many states enacting “shield laws” to proactively stop sensitive data from being disclosed for out-of-state investigations into reproductive health activities. Over the past two years nineteen states have enacted shield laws to protect the privacy of people seeking reproductive care. In particular, shield laws in California and Washington – home to most of the nation’s biggest tech companies that hold electronic communication and Internet records – generally prohibit electronic communication providers based in-state from complying with warrants, subpoenas, and any other demands for data stemming from investigations into reproductive health activities. Right now, if a Texas prosecutor demanded web browsing data from Google in California to see if a pregnant person was seeking medication abortion from an out-of-state provider, or Florida police wanted Microsoft to hand over communications logs of a clinic to track whether a state resident traveled there, shield laws would bar the companies from disclosing those sensitive records.
However, the protections these shield laws provide are undermined by what’s known as the “Data Broker Loophole.” Data brokers stockpile and sell troves of sensitive information, and law enforcement is a major buyer, bypassing requirements to obtain warrants and subpoenas by simply purchasing data instead. The Data Broker Loophole is more than just a shortcut for law enforcement to sidestep court approval for investigations: it allows prosecutors to circumvent states’ shield laws altogether because they can simply buy information, such as data revealing a person’s location history, that would otherwise be blocked from disclosure.
Lawmakers at both the federal and state level must address this problem, and pass legislation to stop police from exploiting the Data Broker Loophole. Sensitive data about people’s reproductive health decisions are not safe if law enforcement across the country can simply purchase them – without any due process or legal scrutiny – to prosecute people for buying medication abortion online or driving loved ones out of state for abortion care. Closing the Data Broker Loophole to limit reproductive health surveillance has to be a priority in the fight to ensure access to reproductive health care and mitigate tracking and prosecution of abortion.
This measure is, of course, not a silver bullet. Some sensitive data are not protected by shield laws and may be sought directly by police, such as phone logs from Texas-based AT&T. And data protected by shield laws – such as browsing logs stored by Google and emails held by Microsoft – can still be pulled from individuals’ phones and computers if stored on those devices and then seized by police.
It’s important for people to stay vigilant about what data they generate, where it is stored, and what it might reveal about them if it ends up in the wrong hands. But closing the Data Broker Loophole would represent a major step in offering critical safeguards for the privacy of pregnant people and help address the dangerous threat of abortion surveillance and criminalization.
This piece originally appeared on Tech Policy Press.
