Tech Giants Under Pressure To Safeguard Reproductive User Data

467

  • Calls to delete period tracking apps have gone viral in America – but the likes of Facebook and Apple have questions to answer on user privacy too.

In Friday, the US supreme court overturned Roe v Wade, the landmark 1973 decision which held that access to an abortion was a constitutionally guaranteed right. In 13 states with “trigger laws”, abortion was immediately – or will imminently be – outlawed. Others may follow, says an article published in The Guardian.

Protecting reproductive health data

As Americans grapple with the reality of the repeal, in one of just 11 countries around the world to have restricted access in the last three decades, the initial focus has been on how to continue to provide access to abortion – and how to guarantee the safety of women.

In the moments after the decision was handed down, calls to delete period tracking apps went viral, with users concerned that the data they collect may end up incriminating women; some companies took public stands, committing themselves to defending their users. “At this fraught moment, we hear the anger and the anxiety coming from our US community,” period tracking app Clue said. “We remain committed to protecting your reproductive health data.”

But the questions around personal data go far further than the narrow focus on reproductive health apps could suggest. From our story by Kari Paul:

Abortion and civil rights advocates have warned that there are few federal regulations on what information is collected and retained by tech firms, making it easy for law enforcement officials to access incriminating data on location, internet searches and communication history.

Such data has already been used to prosecute people for miscarriages and pregnancy termination in states with strict abortion laws, including one case in which a woman’s online search for abortion pills was brought against her in court.

Right to privacy

Digital rights advocacy group the Electronic Frontier Foundation (EFF) has advised companies in the tech world to pre-emptively prepare for a future in which they are served with subpoenas and warrants seeking user data to prosecute abortion seekers and providers.

It recommends companies allow pseudonymous or anonymous access, stop behavioural tracking, and retain as little data as possible. It also advocated for end-to-end encryption by default and refrain from collecting any location information.

The ruling has also highlighted the general lack of privacy protections in US law. The connection is more than just tangential: the decision in Roe v Wade is based on the right to privacy, which the supreme court held to be provided by the 14th amendment to the US constitution.

That right was first affirmed in an earlier decision, Griswold v Connecticut, which protected a married couple’s rights to contraception; supreme court justice Clarence Thomas stated, in his concurrence overturning Roe, that that decision should also be re-examined.

Heightened data security practices

In Clue’s commitment to protecting its users’ privacy, the company highlighted that, as a Berlin-based organisation, its users are protected by GDPR. “As a European company, Clue is obligated under the world’s strictest data privacy law, the European GDPR, to apply special protections to such health data,” the company said. “If we hold your data, our obligation under European law to protect your privately tracked data is the same. No US Court or other authority can override that, since we are not based in the US. Our user data cannot simply be subpoenaed from the US.”

American privacy experts caution that “dragnet” style surveillance of women’s reproductive health, with authorities demanding companies hand over entire databases, is unlikely to occur. Legal pressure could be put on such companies to pro-actively report users, however, and in the meantime the focus should instead be on protecting individual women who have been targeted for investigation. From Kari’s article:

Experts are also encouraging individuals seeking abortions to use heightened data security practices, including encrypted communications and disabling location tracking. The Roe decision has highlighted a longstanding privacy crisis affecting users of the most commonly used tech services, said Imran Ahmed, chief executive officer of advocacy group the Center for Countering Digital Hate.

Response of major tech giants

The response of major tech companies to the ruling has been complicated. As a first priority, many have focused inward, announcing policies to protect their own employees. Amazon, Facebook and Microsoft, for instance, have all confirmed they will cover travel expenses for employees who need to leave their home state to access “lawful medical services where access to care is limited in availability”, in the words of Microsoft’s policy.

But major companies have been less forthcoming about their promises to their users. Facebook, Uber, Apple and Google all failed to respond to queries about how they would handle sensitive data and respond to law enforcement requests in the future.

With Texas one of the 13 states with “trigger laws” on the books, the case has also raised questions about the state’s ability to tempt companies to relocate from Silicon Valley. Austin, a leftwing stronghold and the state capital, has been developing a burnishing reputation as a tech hub, and car company Tesla – owned by Elon Musk – moved its headquarters there late last year. SpaceX, Musk’s other company, has a launch facility on the Texas coast.

Tesla is one of the companies promising to cover employees for “healthcare services that are unavailable in their home state”. Musk himself has been silent on the ruling, though his “pinned tweet” from 24 May is a screenshot of a Wall Street Journal chart showing the declining American birthrate.

Did you subscribe to our daily Newsletter?

It’s Free! Click here to Subscribe

Source: The Guardian