Lawmakers Scramble to Reform Digital Privacy After Roe Reversal

8 minute read

Before Roe v. Wade granted women the constitutional right to abortion in 1973, most abortion procedures were kept hidden, even from close family members. Some women destroyed evidence and traveled in the wee hours of the morning to cover their tracks. But with today’s advances in technology, even though it’s never been easier or safer to access abortion at home, keeping it private could turn out to be much harder. The websites and apps that people use every day leave a digital footprint that’s nearly impossible to hide.

The Supreme Court’s reversal of Roe v. Wade on June 24 has directed a spotlight on the question of digital surveillance, as Google searches, location information, period-tracking apps and other personal digital data could be collected and used as evidence of a crime if one seeks to terminate a pregnancy—or helps someone do so—in states where it’s illegal. The prevalence of abortion pills, which allow people to end their pregnancies in their own homes, raises new privacy issues, as most patients must order the pills over the Internet or access a telemedicine appointment to have the medication prescribed.

While some lawmakers have been fighting for this issue for years, legislation that would enshrine safeguards against the collection of personal data by governments and companies for criminal surveillance and corporate profit has stalled. But the urgency has intensified in recent weeks.

“The answer can’t be just don’t use technology,” Rep. Sara Jacobs, a Democrat from California who introduced a digital privacy bill in June, tells TIME. “These are services that are very helpful to people. The answer is for us in government to do our job and put the protections in place.”

The day of the Supreme Court’s decision, Google search interest for “how to get an abortion” was more than six times higher than the previous day. Internet searches like these could turn up in criminal cases, and it’s hardly out of left field. In 2017, prosecutors used a Mississippi woman’s search history for pregnancy-terminating medication as evidence in a trial over the death of her fetus. And in 2015, prosecutors used text messages about abortion pills, exchanged between friends, to convict a woman of child neglect and feticide.

“The current privacy protections are fairly weak,” says Hayley Tsukayama, a senior legislative activist at the Electronic Frontier Foundation, which advocates for digital rights. There is no single, comprehensive federal law regulating how user data is collected, stored or shared, leaving the issue of digital privacy largely up to companies to decide, she says. Period-tracking apps, for example, which millions of people use to help track their menstrual cycles, could sell information to third parties.

“You can ask websites and apps to stop collecting your information, and you can even ask them to stop selling it,” Tsukayama says, but without a federal data privacy law in place, “You can’t really force them.”

Here’s a look at recent bills that have been introduced at the federal and state levels aimed at protecting digital privacy.

My Body, My Data Act

The My Body, My Data Act, introduced in the House on June 16 and later in the Senate, would task the Federal Trade Commission (FTC) with enforcing a national privacy standard for reproductive health data collected by apps, cell phones and search engines. It would require that companies collect and store only the health information that is strictly needed to provide their services. It would also give users the right to access or delete their personal data.

Rep. Jacobs, who introduced the bill, says digital privacy concerns are especially acute in states like Texas and Oklahoma where citizens can access up to $10,000 rewards for reporting those who violate the states’ abortion laws. “It would make it so that a small right-wing nonprofit group in Texas couldn’t just buy up or get access to this data and create a mass surveillance system,” says Jacobs, “to be able to turn people in who are seeking abortion as is incentivized in the Texas bounty law.”

Democratic Sens. Ron Wyden and Mazie Hirono, longtime proponents of digital privacy reform, introduced the bill in the upper chamber. The bills have been endorsed by Planned Parenthood, NARAL, National Abortion Federation, URGE, National Partnership for Women & Families, Feminist Majority and the Electronic Frontier Foundation.

Jacobs says there’s a “very good chance” that the Democrat-led House votes on the bill soon. “I think that people really recognize the urgency of this moment,” she says. But the chances it passes the sharply divided Senate are steeper, privacy experts tell TIME.

Stop Anti-Abortion Disinformation Act

Another bill, called the Stop Anti-Abortion Disinformation (SAD) Act, was introduced on June 23 by a group of Democrats led by Rep. Carolyn Maloney of New York and Rep. Suzanne Bonamici of Oregon, as well as Sens. Bob Menendez of New Jersey and Elizabeth Warren of Massachusetts.

It aims to crack down on misleading advertising by anti-abortion pregnancy centers, known as crisis pregnancy centers, which often style themselves as reproductive health clinics without making it clear they are faith-based organizations whose mission it is to dissuade pregnant women from having abortions.

Read More: Anti-Abortion Pregnancy Centers Are Collecting Troves of Data That Could Be Weaponized Against Women

A recent TIME investigation found that these pregnancy centers also collect vast troves of personal data on the women who come to them for help. These women often do not understand that they are providing detailed health information—including addresses, marital status, demographic information, sexual and reproductive histories, test results, ultrasound photos, and information shared during consultations—to organizations run by the anti-abortion movement. Because most pregnancy centers, which outnumber abortion clinics three to one across the country, are not licensed medical clinics and offer services for free, privacy lawyers tell TIME that they are not legally bound by federal health data privacy laws.

“By promoting deceptive or misleading advertisements about abortion services, crisis pregnancy centers jeopardize women’s health and well-being,” Sen. Menendez said in a statement. The SAD Act directs the FTC to prohibit deceptive practices by these centers, and authorizes the agency to enforce these rules and collect penalties.

Some abortion providers already began taking steps to safeguard patient information prior to the Supreme Court ruling. Many are now using paper records, making phone calls instead of texting or e-mailing, and using encrypted messaging apps.

Health and Location Data Protection Act

Yet another bill, the Health and Location Data Protection Act, introduced by Sen. Elizabeth Warren, Democrat of Massachusetts, on June 15, would ban data brokers from selling or transferring a person’s medical and sensitive personal information, with a few limited exceptions. It would also give the FTC $1 billion over 10 years to enforce these rules. “Data brokers profit from the location data of millions of people, posing serious risks to Americans everywhere by selling their most private information,” Warren said in a statement the day the legislation was introduced.

Recent reporting from Vice found that for $160, one could buy a week’s worth of data on where people who visited more than 600 Planned Parenthood clinics came from and where they went afterward. Although that data was not tied to people’s names, privacy advocates argue that such details are discoverable if an individual’s travel patterns are unique. Acquiring and selling user data, experts say, is a billion dollar industry that continues growing.

“Data collection and processing is really at the heart of a lot of business models now,” EFF’s Tsukayama says. “It’s very difficult to convince people to change that unless there are some penalties or some other mechanisms to push that change.”

Read More: America’s High-Tech Surveillance Could Track Abortion-Seekers, Too, Activists Warn

State Legislation

In some states, local lawmakers have taken matters into their own hands.

Pennsylvania state Rep. Mary Jo Daley, a Democrat, introduced legislation on May 4 that would bar pregnancy centers in the state from sharing client data without permission. She noted a recent decision by the state’s Office of Open Records that said that pregnancy centers in the state were risking client’s privacy rights by sending their data—including names and the services they received, as well as their pregnancy status, sexual history and STD information—to Real Alternatives, the state-funded network of anti-abortion pregnancy centers.

“My bill would regulate what [data] they collect and the authorizations that they would be required to have, providing information to the woman so they would know exactly what they are signing on to,” she told TIME. “On its own this is a dangerous invasion of privacy but considering recent movement to deputize private citizens into vigilantes to regulate reproductive health, the threat is becoming even more imminent.”

Right now, though, states can only do so much, says Alan Butler, executive director and president of the Electronic Privacy Information Center. Because the U.S. lacks a comprehensive set of federal digital privacy laws, women in states banning abortion are especially vulnerable.

“The states that are more likely to restrict abortion rights,” he says, “are also the states that don’t have strong privacy laws.”

More Must-Reads From TIME

Write to Nik Popli at nik.popli@time.com and Vera Bergengruen at vera.bergengruen@time.com