Center for American Progress

Donate

Center for American Progress

Stopping the Abuse of Tech in Surveilling and Criminalizing Abortion
Report

Stopping the Abuse of Tech in Surveilling and Criminalizing Abortion

Apps and consumer data could be weaponized to criminalize those seeking, providing, and supporting abortion care, and policymakers and individual Americans should act to protect private reproductive health information.

Strengthening Health, Abortion Rights, Biden Administration, +11 More

Media Contact

[email protected]

Government Affairs

[email protected]

In this article
A woman seeking an abortion looks at a computer where a webpage for abortion pills is visible.
A woman seeking an abortion looks to buy abortion pills online in Arlington, Virginia, on May 8, 2020. (Getty/Oliver Douliery)

Introduction and summary

In a world where much of our daily lives is captured online, major technology and telecommunications companies hold tremendous power over Americans’ data and the fate of people’s digital footprints.1 Particularly under leadership that has boasted about overturning Roe v. Wade,2 there is a dire urgency to protect people’s online privacy and private reproductive health information.3 The U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization set a foundation for states to ban abortion across the country,4 and it emboldened opponents of abortion rights, state legislatures, and prosecutors to use any means necessary5 to control pregnant people’s bodies—including monitoring their digital lives.6

This field is hidden when viewing the form

Default Opt Ins

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

Variable Opt Ins

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

Many authors of and contributors to Project 2025, the far right’s authoritarian playbook for the presidential administration,are being proposed as potential candidates for positions in the Trump administration7—a clear sign of an orchestrated effort to criminalize abortion care and surveil people pursuing reproductive health care.8 As part of those efforts, major tech companies could be weaponized as conduits to track and prosecute pregnant people seeking abortion care and their providers.9 If not adequately mitigated, the technology and telecommunications industries could play an instrumental, though inadvertent, role in implementing a backdoor, nationwide abortion ban—that is, imposing severe restrictions that make it functionally impossible to access abortion care—and controlling women’s bodies.10 Furthermore, Black women and other women of color and immigrants who already face heightened levels of surveillance and criminalization could be disproportionately affected by the negative impacts of using tech to track pregnancy outcomes, given that they are already more likely than their white counterparts to be criminalized during pregnancy and motherhood.11 Discriminatory surveillance tactics already used by law enforcement could be further adapted to enforce abortion bans.12

As many people increasingly turn to telemedicine and online options for abortion care,13 weak protections for digital information may put hundreds of thousands of abortion seekers and their providers at risk of criminal prosecution or individual harassment. In states where abortion is banned, law enforcement agencies are increasingly turning to information obtained online to prosecute those who seek or provide abortion care.14 This prosecution is likely to become more common as digital data become more easily accessible.15

Tech companies must be required to act to safeguard Americans’ online information and to prevent the misuse of any type of data that could be used as evidence in pregnancy-related prosecutions. Likewise, the U.S. government must address significant gaps in privacy laws by advancing comprehensive federal privacy protections for all Americans and must establish oversight and enforcement mechanisms to ensure companies comply with the requirements. Individuals can also take steps to protect their sensitive reproductive health information from digital surveillance and misuse by limiting who they share data with and by exercising caution in online communications by using secure messaging platforms.

HIPAA’s role in protecting individuals’ personal health information

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes federal standards to protect the privacy and security of individuals’ sensitive, personal health information, referred to as “protected health information” (PHI).16 The rule aims to ensure that PHI cannot be used or disclosed without an individual’s consent. PHI includes “individually identifiable health information”17 that could identify an individual or reasonably be used to do so. Most health care plans, clearinghouses, and providers—along with their business associates—are required to comply with the rule. These entities are required to implement measures to ensure the confidentiality, integrity, and security of PHI.18 HIPAA also provides individuals with rights over their health data, including the ability to access and correct their PHI and, in certain cases, restrict its use or disclosure.

In 2024, the Biden administration finalized a rule to modify regulations under HIPAA to further strengthen protections for reproductive health information.19 The new rule prohibits the use or disclosure of PHI for the purpose of imposing or conducting investigations or other activities to establish the liability—administrative, civil, or criminal—of any person for the mere act of seeking, obtaining, providing, or facilitating lawful reproductive health care.

However, even with this new rule, HIPAA has notable limitations,20 and these gaps can make individuals vulnerable to the mishandling, sharing, and misuse of their personal health information. Not every entity or business that collects health information is required to adhere to HIPAA.21For instance, apps that track users’ fitness goals, menstruation, and mental health are not covered by HIPAA, even when they collect sensitive health information.22 This includes instances when a health care provider communicates with a patient through an app that is not a covered entity. This also means that sensitive health information provided to these apps by individuals is potentially vulnerable to unauthorized access and misuse, not only by the app itself but also by third parties such as data brokers, advertisers, or even law enforcement.

See more

Big Tech’s business model facilitates mass surveillance of users seeking reproductive health care

Many tech companies—whether by design or negligence—play a role in the hypersurveillance of people seeking sexual and reproductive health care, particularly abortion care.23 As noted in a September 2024 report from the Federal Trade Commission (FTC), online advertising practices, in particular targeted advertising, incentivize companies to collect mass amounts of data from users for profit.24 With few protective measures in place, companies are encouraged to practice more invasive methods of data collection,25 and this incentive structure provides little motive for companies to self-regulate and protect consumers’ data.

For instance, apps that track users’ fitness goals, menstruation, and mental health are not covered by HIPAA, even when they collect sensitive health information.

Furthermore, companies employ a “notice and consent” framework as the default approach to user privacy.26 Most commonly, this process presents users with a service’s terms and conditions and privacy policy notice and asks them to give permission or “consent” to the company’s data collection practices by checking a box.27 However, this practice is insufficient in ensuring individuals’ informed consent and protecting their privacy, and it should not be the default framework for user privacy. Research shows that people are inclined to click “I agree” to these notices,28 often without reading them29 or without fully understanding them.30 Under this model, consumers have little to no bargaining power when it comes to how companies collect and use personal data: They are forced to choose between accepting a company’s terms to gain access to a service or declining and being denied access altogether.

The consequences of this business model are far-reaching and daunting in the absence of federal protections for abortion, as the collection of sensitive health data exposes users to the risk of significant privacy invasion and criminalization.31 Instead, companies should exercise a data minimization approach in which they only collect information that is reasonably necessary to provide a given service.32 This approach would protect sensitive health data by limiting the volume of data collected and retained,33 and it would reduce the risk of unauthorized access to and misuse of people’s data.

Data brokers collect and sell sensitive information to the highest bidder

Data brokers are companies that collect information from different sources and then aggregate and sell that information to other third-party clients.34 Although this does not include protected health information such as medical records, which are covered by HIPAA, data brokers are still able to create detailed personal profiles and sell them. Although some state laws impose limited requirements on data brokers, the sector remains largely unregulated at both the state and federal levels.35 The U.S. data broker industry generated more than $250 billion in 2023 from the sale of personal information,36 including sensitive reproductive health data, often collected without users’ awareness or informed consent.37 For instance, public records show that 79 data brokers registered in California currently sell precise geolocation data and 25 sell reproductive health information.38

State-level legislation, such as the California Consumer Privacy Act and the California Delete Act,39 attempts to mitigate these risks by requiring companies to disclose what data they collect40—granting consumers the right to opt out of their data’s sale—and by enabling deletion requests.41 The Delete Act goes further by introducing a centralized mechanism for consumers to request deletion of their data from data brokers’ collections. However, these protections rely heavily on individual users to opt out of data collection and sale,42 a burden that many people may not realize they need to shoulder. Furthermore, data brokers operating outside of California are not bound by these rules, creating a patchwork of protections that leaves significant gaps. This underscores the need for federal legislation that standardizes privacy protections across all states, ensuring consistent rules for data brokers regardless of where they operate.

Data brokers can infer intimate private details about a person’s life and activities using seemingly unrelated pieces of data.43 This information may then be sold to anyone, including law enforcement agencies,44 allowing government agencies to exploit a loophole that would otherwise require them to comply with the legal process and obtain a warrant to access certain information.45 Law enforcement agencies have used this loophole to purchase users’ information, circumventing Americans’ constitutional right against unreasonable searches and seizures, because users’ private information has become a commodity for anyone willing to buy it.46 These companies profit from collecting and selling user data at the potential expense of people being prosecuted simply for seeking, receiving, or providing health care.

What happens when government agencies purchase data from brokers?

In the absence of a comprehensive federal privacy law, data brokers can source and package hundreds of thousands of data points on individuals.47 Federal agencies exploiting the data broker loophole are then able to purchase this sensitive information without a warrant and may use it as a surveillance tool.48 For example, a 2020 news report said that some agencies within the U.S. Department of Homeland Security, including U.S. Customs and Border Protection and Immigration and Customs Enforcement (ICE),49 purchased geolocation cell phone data from data brokers Venntel and Babel Street.50 Using this information, the agencies were able to target and track people in certain areas for immigration enforcement. ICE also reportedly accessed a private database containing information from various utility companies, giving the agency access to sensitive records related to people’s employment, housing, credit reports, criminal histories, and more—all without a warrant.51

Although it is unclear exactly how federal agencies have used such information to investigate or prosecute individuals, the use of data unveils a surreptitious surveillance partnership between private companies and the federal government that circumvents Americans’ constitutional right to privacy.52 This type of government overreach threatens abortion access and reproductive rights in general.

The consequences of this for-profit infringement of people’s personal information have become dire as states increasingly consider various ways to ban abortion care and criminalize abortion seekers and providers. In fact, the 210 pregnancy-related prosecutions nationwide from June 2022 to June 2023 represent the highest number ever recorded in just one year.53The prosecution data show that charging documents may include alleged actions such as “researching or exploring the possibility of an abortion” or “any mention of an abortion procedure or attempt to end pregnancy” as evidence that the person may have violated the law.54 For example, just months after the overturn of Roe, law enforcement in Nebraska issued a warrant to Facebook to release private messages between a mother and her teenage daughter regarding abortion pills.55 The mother, Jessica Burgess, was later sentenced to two years in prison.56

Weak privacy and security practices pose threats to everyone’s online privacy

Tech and telecommunications companies’ failure to adopt stringent privacy protections—including robust data retention policies and other safeguards such as end-to-end encryption, a process for making messages unreadable except by their intended audiences57—means users’ sensitive private health information is constantly at risk.58 It is also crucial to note that in most cases, sensitive health data is combined with other nonsensitive data, making it difficult to parse out and protect in an all-inclusive manner. Insufficient protections leave digital records vulnerable to law enforcement subpoenas and unauthorized access by third parties.59 A 2022 study by Accountable Tech of Google’s location data retention policies revealed that the company was still retaining location search queries and histories for some users,60 despite having issued an updated policy claiming that it would begin deleting location history data when users visited sensitive locations.61 In a follow-up study in 2023, Accountable Tech found that Google still retained sensitive transit information and location search queries from users who visited Planned Parenthood locations in 4 out of 8 experiments conducted across seven states.62 Soon thereafter, Google announced that it would gradually roll out expanded protections for location history data over the course of 2024.63

These discrepancies in companies’ privacy policies and their implementation undermine public trust and highlight a lack of meaningful accountability for companies that hold vast amounts of sensitive user information.64 When state privacy legislation insufficiently defines or is silent on what constitutes “sensitive data,” critical decisions are left up to individual companies. This absence leaves enforcement of privacy up to the discretion of the individual companies and their interpretation of “sensitive information” and how it should be protected.65 Without accountable oversight, strict enforcement, and transparent policies, users have little control over how their private data are stored, shared, and potentially used against them.

Types of data subject to misuse and criminalization

Tech and telecommunications companies collect and manage vast amounts of user data, much of which can be weaponized to target, monitor, or prosecute individuals seeking reproductive health care.66While each data type—such as search histories, location data, and app usage—presents unique privacy challenges, their combination creates a detailed and invasive digital profile. The cumulation of this digital paper trail may serve as a mountain of evidence that prosecutors can use to show intent.67 For example, combining location data with search histories can paint a detailed picture of an individual’s activities, such as searching for abortion clinics and then visiting those locations. This integration amplifies surveillance risks and increases the potential for misuse by law enforcement and government agencies or groups that oppose abortion rights.68

Fears of these data types being used to criminally punish abortion seekers are not theoretical. Pregnant people and their supporters already live in fear of criminalization,69 and the weaponization of their online data further proves why these fears are justified.

Search histories

Internet search and browsing histories about abortion or related topics can be used to infer intentions to end a pregnancy.70 There are already instances of law enforcement agencies accessing and using women’s private messages on social media platforms and search histories as evidence to criminalize them for their pregnancy outcomes and private reproductive decisions.71For example, even before the overturn of Roe in 2017, a woman in Mississippi, Latice Fisher, was charged with second-degree murder after she experienced a stillbirth at home.72 Police searched her phone and found she had previously searched for medication abortion.73 Though the case was later dismissed, it shows how private search data can be weaponized to suggest intent to terminate a pregnancy and subject women to criminalization.

Location tracking

One of the biggest threats to people’s data privacy is location tracking.74 Mobile phones can consistently share location data with telecom companies, service providers, apps, and tech companies.75 This may occur without users’ full awareness or consent,76 and often without their understanding of how the data can later be used against them.77 Many states that have banned abortion are also the biggest users of location data to surveil women ending their pregnancies.78

Opponents of abortion rights have already used these data to target people based on their proximity to reproductive health facilities.79 For example, the organization Veritas Society used geolocation tracking technology to run an ad campaign from 2019 to 2022 that sent advertisements against abortion to people visiting Planned Parenthood clinics.80 The campaign demonstrated how organizations can target people with alarming specificity, and it exemplified the much broader issue of targeting people simply for their proximity to reproductive health care facilities. Combined with browsing data and other types of personally identifiable information, location tracking can be used against people seeking care to place them in or around abortion providers.81

Period-tracking apps

Millions of people use period-tracking apps to monitor their menstrual cycles, birth control use, sexual activity, and fertility-related concerns.82 In doing so, users share an abundance of sensitive reproductive health-related information with these apps—data that are not protected by HIPAA83 and, in many cases, are vulnerable to use and sharing by the app itself and by third parties. While some state privacy laws protect certain types of personal data, these laws vary widely and leave significant gaps, especially for users in states without comprehensive privacy regulations. Apps may cooperate with law enforcement during criminal investigations, meaning that period-tracking data could be a target for investigators.84

See more

One industry survey of more than 900 Americans conducted by Secure Data Recovery showed that women’s health apps were some of the least trusted apps among Americans ages 18 to 77 when it comes to concerns about data security.85 This general distrust is buttressed by real-world missteps as period-tracking apps have come under scrutiny in recent years for alleged misleading privacy practices and disclosures.86 For example, in 2021, the FTC reached a settlement with a popular period-tracking app called Flo for allegedly misleading users about sharing their reproductive health data with “Facebook’s analytics division, Google’s analytics division, Google’s Fabric service, AppsFlyer, and Flurry.”87

Recommendations for a more private, secure future

Digital information can be used to criminally charge, arrest, and prosecute abortion seekers and providers. However, emerging solutions can address the real threats digital surveillance poses to reproductive health care in order to protect individuals’ privacy, and they can also prevent tech companies from helping to criminalize abortion care.

Address data privacy and reproductive health protections

Tech companies have a crucial role to play in safeguarding user privacy and preventing the misuse of sensitive health information, particularly in the context of reproductive health. By adopting proactive privacy practices that go beyond current legal requirements, companies can help mitigate risks, protect vulnerable users, and set a higher standard for data protection. Key best practices include:

  1. Implementing data minimization and consent policies: Limit the collection, retention, and sharing of user data to only what is strictly necessary for the functionality of the service.
  2. Providing transparency and user control: Clearly communicate data collection and usage practices to users in accessible, concise language and explicitly state the purpose for which personal information is being collected. Offer tools that allow users to easily manage their privacy settings, including the ability to permanently delete their data.
  3. Integrating privacy by design principles: Embed privacy protections into the design of apps and services from the outset, ensuring the user data is protected by default.
  4. Collaborating on standards and advocacy: Work with policymakers and civil society organizations to develop and promote clear, enforceable standards for data privacy. Advocate for comprehensive federal privacy legislation that addresses existing regulatory gaps and ensures consistent protections nationwide.

Protect individuals at the state level with state shield laws

Since the overturn of Roe, 19 states have enacted shield laws either through executive order or legislation to protect providers and the privacy of people seeking reproductive care.88 State shield laws serve as legal protections for patients, health care providers, and supporters from civil and criminal consequences from out-of-state abortion restrictions. These types of laws will become increasingly important over the next few years as the sexual and reproductive health landscape is tossed into greater uncertainty. Shield laws in California,89 Connecticut,90and Washington91 generally prohibit their courts and law enforcement agencies from cooperating with out-of-state investigations related to abortion care. Additionally, Washington state enacted H.B. 1155, which expressly protects certain types of consumer information, such as location and reproductive health data, gathered by period-tracking apps.92 These laws help prevent the use of digital surveillance to prosecute people who travel to access care and health care professionals who provide it.

These protections are particularly important in preventing the misuse of sensitive data—such as search histories, location tracking, or data from period-tracking and women’s health-related apps93—that could otherwise be weaponized to prosecute individuals for accessing care across state lines. By limiting cooperation with states that criminalize abortion, shield laws can help reduce the likelihood that individuals will have their private data at risk of exposure and face legal consequences simply for seeking health care. The efficacy of shield laws would be seriously jeopardized, though, were there to be a federal abortion ban.

Protect individuals’ data

While the onus should not be on individuals to stop their data and private reproductive health information from misuse and abuse, they can take practical steps to mitigate this risk and protect themselves against mass digital surveillance.94 People can limit data sharing on apps; turn off or limit location services; opt out of personalized and targeted ads; and use encrypted communications, privacy-focused search engines, and secure messaging platforms for reproductive health-related communications.95 Various strategies can be used to defend against location tracking depending on the tracking method employed. For example, the Surveillance Self-Defense project by the Electronic Frontier Foundation covers different threats to abortion seekers and providers and compiles ways to protect the privacy of digital data.96

While these steps can help individual abortion seekers reduce their vulnerability to data misuse, these are merely stopgaps in the absence of stronger, systemic privacy protections. The absence of a comprehensive federal law to protect Americans’ data privacy has allowed tech companies to capitalize on the use of individuals’ data with little oversight and regulation. Fortunately, there are bipartisan opportunities to fix that.

Strengthen federal consumer protections and privacy

In April 2024, the U.S. House voted 219-199 to pass the Fourth Amendment Is Not For Sale Act sponsored by Rep. Warren Davidson (R-OH), a bipartisan bill that takes an important step toward closing the data broker loophole and updating Title II of the Electronic Communications Privacy Act of 1986, the Stored Communications Act.97 Had it been signed into law, the bill would have restricted law enforcement and other government entities from purchasing some communications-related information and location data that they would otherwise need a warrant to obtain.98 The bill would have helped protect Americans against government access to their personal data. However, it had some limitations: It covered only a few types of data, including “communications content, geolocation information, and non-contents information pertaining to a consumer or subscriber of an ECS or RCS provider,” meaning that it did not cover health data or other types of sensitive data.99 In combination with other measures, this law would have been a step in the right direction for securing stronger Fourth Amendment protections regarding digital surveillance. Although the U.S. Senate has not taken action on the bill since receiving it in April 2024, there is a possibility that the bill may be considered in future congressional sessions.

The absence of a comprehensive federal law to protect Americans’ data privacy has allowed tech companies to capitalize on the use of individuals' data with little oversight and regulation.

The American Privacy Rights Act (APRA), introduced in 2024 and sponsored by Sen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rodgers (R-WA), is a bicameral bill with bipartisan support that would establish the first-ever comprehensive federal data privacy law in the United States.100 The bill was groundbreaking: Its earliest iteration included groundbreaking foundational civil rights provisions that would protect users against data-driven discrimination.101 It aimed to minimize the amount of personal information companies can collect and sell, strengthen protections for certain health-related data, and give consumers greater control over their personal data. The measure would also require companies to limit the amount of information they collect to only what is necessary, and it would give individuals more power to prevent the transfer or sale of their personal data without their affirmative express consent.102

If passed, the bill would also establish enforcement mechanisms—including through the FTC and state attorneys general and, notably, a private right of action for individuals—to hold violators accountable.103 This would be a vast improvement upon existing data privacy laws and would put more power into the hands of everyday consumers to decide what happens to their data. However, the civil rights safeguards policymakers stripped from the bill after the U.S. House Energy and Commerce Subcommittee on Innovation, Data, and Commerce markup were absolutely crucial for guaranteeing fair privacy protections for everyone, and future bills must include robust civil rights protections if they are to have meaningful and practical utility.104

While the future of APRA is untenable, as its most meaningful and consequential components were eliminated, Congress must pass a comprehensive federal privacy bill to markedly strengthen existing data privacy laws and protect everyday online consumers from unauthorized access from companies and agencies and the misuse of their personal data. This includes requiring the adoption of a data minimization framework as a foundation for companies’ privacy policies and implementing civil rights protections to prevent discrimination and biased targeting of protected groups.

Strengthen protections for private, sexual, and reproductive health information

The My Body, My Data Act, first introduced in 2022, was the first congressional action to propose strengthening data protections specifically for sensitive reproductive health information.105 The bill aims to protect personal sexual and reproductive health information by limiting the data that can be collected, retained, and shared by companies, including data brokers. That includes data related to pregnancy, menstruation, contraception, and more. Similar to APRA, it would require companies to follow a data minimization framework and prohibit regulated entities from collecting, retaining, using, or sharing reproductive health data aside from what is strictly necessary to provide a product or service. This bill also provides people with necessary rights to access, delete, and correct their reproductive health information at any time, offering them greater control over how their data are used and shared. If enacted, it would create a uniform standard for protecting reproductive health data nationwide.

The Reproductive Data Privacy and Protection Act of 2024, sponsored by Rep. Ted Lieu (D-CA), would prohibit law enforcement from accessing or utilizing data related to sexual and reproductive health—including location data for clinics; period-tracking app records; records of reproductive-related surgeries and procedures such as in vitro fertilization treatments; and contraception and medication abortion purchases and prescriptions or recommendations for such products—for the purpose of investigating or prosecuting any person.106 The intent is to prevent such sensitive data from being used to investigate, criminalize, or prosecute individuals for seeking or assisting with reproductive health care. If enacted, this bill would help protect Americans against the ever-increasing invasion of private reproductive health information and would be an additional layer of protection against the use of reproductive health data to prosecute any person in connection with inquiring about, seeking, obtaining, providing, or facilitating reproductive or sexual health treatment or care.

Conclusion

As reproductive rights remain under attack across the country, the role of the technology industry in enabling the surveillance and criminalization of abortion cannot be ignored. Through data collection practices involving obtaining search histories, tracking locations, and storing information from period-monitoring apps, tech companies have created a system that leaves people vulnerable to hypersurveillance and prosecution simply for seeking health care they need. Technology and telecommunications companies must reckon with the potentially devastating impact of this infringement on peoples’ privacy, bodily autonomy, and freedom. The current sexual and reproductive health landscape, coupled with the reality of existing data privacy practices, necessitates that individuals do what they can to protect themselves from the misuse of their sensitive data.

By adopting more robust privacy protections, reassessing data practices that leave people vulnerable, and practicing greater transparency, companies can protect peoples’ rights to make their own health decisions without fear of surveillance or criminalization. Lawmakers must also prioritize bipartisan, comprehensive federal data privacy protections so that all Americans have better control over their data privacy and feel protected in a rapidly innovating sector. U.S. government agencies such as the FTC and the Department of Health and Human Services must act swiftly to oversee and hold these companies accountable to these laws.

The overturn of Roe v. Wade and the resulting patchwork of state abortion bans, along with the lack of privacy laws at the state and federal levels, mean the danger posed by tech surveillance and tracking is acute. That danger to reproductive freedom is likely to persist until abortion is protected again at the federal level.

Acknowledgments

The author would like to thank Amina Khalique, Kate Kelly, Nicole Alvarez, Megan Shahi, Adam Conner, and Andrea Ducas for their reviews of and contributions to this report.

Endnotes

  1. Kristin Cohen, “Location, health, and other sensitive information: FTC committed to fully enforcing the law against illegal use and sharing of highly sensitive data,” Federal Trade Commission, July 11, 2022, available at https://www.ftc.gov/business-guidance/blog/2022/07/location-health-and-other-sensitive-information-ftc-committed-fully-enforcing-law-against-illegal.
  2. Ellie Quinlan Houghtaling, “Trump Proudly Brags About Rollback of Abortion Rights in Biden Debate,” The New Republic, June 27, 2024, available at https://newrepublic.com/post/183227/trump-biden-debate-roe-v-wade-abortion-rollback.
  3. Julianne McShane, “Big Tech Would Be Key to Delivering Project 2025’s Anti-Abortion Plans,” Mother Jones, September 25, 2024, available at https://www.motherjones.com/politics/2024/09/project-2025-abortion-surveillance-tech/.
  4. Center for American Progress, “The U.S. Supreme Court Reckons With the Criminalization of Abortion Care,” available at https://www.americanprogress.org/series/the-u-s-supreme-court-reckons-with-the-criminalization-of-abortion-care/ (last accessed December 2024); Becca Damante and Kierra B. Jones, “A Year After the Supreme Court Overturned Roe v. Wade, Trends in State Abortion Laws Have Emerged” (Washington: Center for American Progress, 2023), available at https://www.americanprogress.org/article/a-year-after-the-supreme-court-overturned-roe-v-wade-trends-in-state-abortion-laws-have-emerged/.
  5. Wendy A. Bach and Madalyn K. Wasilczuk, “Pregnancy as a Crime: A Preliminary Report on the First Year After Dobbs” (New York: Pregnancy Justice, 2024), available at https://www.pregnancyjusticeus.org/wp-content/uploads/2024/09/Pregnancy-as-a-Crime.pdf.
  6. John Yang, Kaisha Young, and Marconja Zor, “Court cases targeting abortion highlight digital privacy concerns,” PBS News, August 5, 2023, available at https://www.pbs.org/newshour/show/court-cases-targeting-abortion-highlight-digital-privacy-concerns.
  7. Adam Wren and others, “Trump once shunned Project 2025 as ‘ridiculous.’ Now he’s staffing up with them,” Politico, November 21, 2024, available at https://www.politico.com/news/2024/11/21/trump-taps-project-2025-authors-administration-00191047; Bill Barrow, “After Trump’s Project 2025 denials, he is tapping its authors and influencers for key roles,” The Associated Press, November 23, 2024, available at https://apnews.com/article/trump-project-2025-administration-nominees-843f5ff20131ccba5f056e7ccc5baf23.
  8. Sabrina Talukder, “Project 2025’s Distortion of a Reconstruction-Era Law Could Enact a National Abortion Ban,” Center for American Progress, June 13, 2024, available at https://www.americanprogress.org/article/project-2025s-distortion-of-a-reconstruction-era-law-could-enact-a-national-abortion-ban/; Roger Severino, “Department of Health and Human Services,” in Paul Dans and Steven Groves, eds., Mandate for Leadership: The Conservative Promise (Washington: The Heritage Foundation, 2023), available at https://static.project2025.org/2025_MandateForLeadership_FULL.pdf.
  9. McShane, “Big Tech Would Be Key to Delivering Project 2025’s Anti-Abortion Plans”; Ryan Koronowski, “Project 2025 is Already a Reality in May States,” Center for American Progress, September 12, 2024, available at https://www.americanprogress.org/article/project-2025-is-already-a-reality-in-many-states/.
  10. Sabrina Talukder, “The Sweeping Consequences of the Far Right’s Plan To Effectuate a Backdoor National Abortion Ban in Project 2025,” Center for American Progress, June 17, 2024, available at https://www.americanprogress.org/article/the-sweeping-consequences-of-the-far-rights-plan-to-effectuate-a-backdoor-national-abortion-ban-in-project-2025/.
  11. Katherine Gallagher Robbins, Shaina Goodman, and Josia Klein, “State Abortion Bans Harm More Than 15 Million Women of Color” (Washington: National Partnership for Women and Families, 2023), available at https://nationalpartnership.org/report/state-abortion-bans-harm-woc/; Erika Maye, “Black Women Bear the Brunt of Criminalized Pregnancy and Motherhood. Here’s Why We Can’t Afford to Ignore It,” The Root, July 16, 2021, available at https://www.theroot.com/black-women-bear-the-brunt-of-criminalized-pregnancy-an-1847294583; Rebecca Chowdhury, “America’s High-Tech Surveillance Could Track Abortion-Seekers, Too, Activists Warn,” Time, June 6, 2022, available at https://time.com/6184111/abortion-surveillance-tech-tracking/; Jason Williams, “Our System Criminalizes Black Pregnancy. As a District Attorney, I Refuse to Prosecute These Cases,” Time, May 21, 2021, available at https://time.com/6049587/pregnancy-criminalization/.
  12. Albert Fox Cahn and Eleni Manis, “Pregnancy Panopticon: Abortion Surveillance After Roe” (New York: Surveillance Technology Oversight Project, 2022), available at https://www.stopspying.org/pregnancy-panopticon; Chowdhury, “America’s High-Tech Surveillance Could Track Abortion-Seekers, Too, Activists Warn.”
  13. Ashley Emery, “Data Privacy & Reproductive Freedom: How Digital Surveillance Increases the Risk of Pregnancy Criminalization Post-Dobbs,” National Partnership for Women and Families, October 2024, available at https://nationalpartnership.org/report/data-privacy-reproductive-freedom/; Victoria Colliver, “Telehealth is as Safe as a Visit to the Clinic for Abortion Pills,” University of California San Francisco, February 15, 2024, available at https://www.ucsf.edu/news/2024/02/427111/telehealth-safe-visit-clinic-abortion-pills; Plan C, “Home,” available at https://www.plancpills.org/ (last accessed December 2024).
  14. Runa Sandvik, “How US police use digital data to prosecute abortions,” TechCrunch, January 27, 2023, available at https://techcrunch.com/2023/01/27/digital-data-roe-wade-reproductive-privacy/.
  15. Patrick Ward and others, “Consumer Data: Increasing Use Poses Risks to Privacy” (Washington: U.S. Government Accountability Office, 2022), available at https://www.gao.gov/products/gao-22-106096.
  16. Centers for Disease Control and Prevention, “Health Insurance Portability and Accountability Act of 1996 (HIPAA),” available at https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html (last accessed December 2024); Maggie Jo Buchanan and Nadia Stovicek, “Using HIPAA To Protect Patient Privacy and Fight Abortion Criminalization,” Center for American Progress, August 17, 2022, available at https://www.americanprogress.org/article/using-hipaa-to-protect-patient-privacy-and-fight-abortion-criminalization/.
  17. U.S. Department of Health and Human Services, “Summary of the HIPAA Privacy Rule,” available at https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html (last accessed December 2024).
  18. Centers for Disease Control and Prevention, “Health Insurance Portability and Accountability Act of 1996 (HIPAA).”
  19. U.S. Department of Health and Human Services, “HIPAA Privacy Rule To Support Reproductive Health Care Privacy,” Federal Register 89 (82) (2024): 32976–33066, available at https://www.federalregister.gov/documents/2024/04/26/2024-08503/hipaa-privacy-rule-to-support-reproductive-health-care-privacy; Rolonda Donelson, “2024 HIPAA Final Rule to Support Reproductive Health Care Privacy” (Washington: National Health Law Program, 2024), available at https://healthlaw.org/resource/2024-hipaa-final-rule-to-support-reproductive-health-care-privacy/.
  20. Buchanan and Stovicek, “Using HIPAA To Protect Patient Privacy and Fight Abortion Criminalization.”
  21. Charles Ornstein, “Federal Patient Privacy Law Does Not Cover Most Period-Tracking Apps,” ProPublica, July 5, 2022, available at https://www.propublica.org/article/period-app-privacy-hipaa.
  22. Paige Gross, “Data privacy after Dobbs: Is period tracking safe?”, Stateline, July 26, 2024, available at https://stateline.org/2024/07/26/data-privacy-after-dobbs-is-period-tracking-safe/.
  23. Jolynn Dellinger and Stephanie Pell, “Bodies of Evidence: The Criminalization of Abortion and Surveillance of Women in a Post-Dobbs World,” Duke Journal of Constitutional Law & Public Policy19 (1) (2024): 1–108, available at https://scholarship.law.duke.edu/djclpp/vol19/iss1/1; Jocelyn Frye and Alexandra Reeve Givens, “Digital Surveillance Supercharges Abortion Criminalization. Closing the Data Broker Loophole Is Urgent,” National Partnership for Women and Families, September 9, 2024, available at https://nationalpartnership.org/digital-surveillance-supercharges-abortion-criminalization-closing-data-broker-loophole-urgent/.
  24. Federal Trade Commission, “A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services” (Washington: 2024), available at https://www.ftc.gov/system/files/ftc_gov/pdf/Social-Media-6b-Report-9-11-2024.pdf#page=77.
  25. Ibid.
  26. Claire Park, “How ‘Notice and Consent’ Fails to Protect Our Privacy,” New America, March 23, 2020, available at https://newamerica.org/oti/blog/how-notice-and-consent-fails-to-protect-our-privacy/.
  27. Anne Josephine Flanagan, Jen King, and Sheila Warren, “Redesigning Data Privacy: Reimagining Notice & Consent for human-technology interaction” (Cologny, Switzerland: World Economic Forum, 2020), available at https://www3.weforum.org/docs/WEF_Redesigning_Data_Privacy_Report_2020.pdf.
  28. Ibid.
  29. George R. Milne and Mary J. Culnan, “Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices,” Journal of Interactive Marketing 18 (3) (2004): 15–29, available at https://doi.org/10.1002/dir.20009.
  30. Joseph Turow, Michael Hennessy, and Nora Draper, “Persistent Misperceptions: Americans’ Misplaced Confidence in Privacy Policies, 2003–2015,” Journal of Broadcasting & Electronic Media 62 (3) (2018): 461–478, available at https://doi.org/10.1080/08838151.2018.1451867.
  31. Federal Trade Commission, “A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services”; Dellinger and Pell, “Bodies of Evidence: The Criminalization of Abortion and Surveillance of Women in a Post-Dobbs World.”
  32. Electronic Privacy Information Center, “Data Minimization,” available at https://epic.org/issues/consumer-privacy/data-minimization/ (last accessed December 2024).
  33. Kara Williams and Caitriona Fitzgerald, “Data minimization is the key to a meaningful privacy law,” Electronic Privacy Information Center, May 9, 2024, available at https://epic.org/data-minimization-is-the-key-to-a-meaningful-privacy-law/; Suzanne Bernstein, “Data Minimization: Bolstering The FTC’s Health Data Privacy Authority,” Electronic Privacy Information Center, July 13, 2023, available at https://epic.org/data-minimization-bolstering-the-ftcs-health-data-privacy-authority/.
  34. Emile Ayoub and Elizabeth Goitein, “Closing the Data Broker Loophole,” Brennan Center for Justice, February 13, 2024, available at https://www.brennancenter.org/our-work/research-reports/closing-data-broker-loophole; Yael Grauer, “What Are ‘Data Brokers,’ and Why Are They Scooping Up Information About You?”, VICE, March 27, 2018, available at https://www.vice.com/en/article/what-are-data-brokers-and-how-to-stop-my-private-data-collection/.
  35. Electronic Privacy Information Center, “Data Brokers,” available at https://epic.org/issues/consumer-privacy/data-brokers/ (last accessed December 2024).
  36. Maximize Market Research, “Data Broker Market: Global Industry Analysis and Forecast (2025-2032) by Data Category, Data Type, End- User and Region,” available at https://www.maximizemarketresearch.com/market-report/global-data-broker-market/55670/ (last accessed December 2024).
  37. Federal Trade Commission, “FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, and InMarket,” March 4, 2024, available at https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/03/ftc-cracks-down-mass-data-collectors-closer-look-avast-x-mode-inmarket.
  38. Suzanne Smalley, “Dozens of data brokers disclose selling reproductive healthcare info, precise geolocation and data belonging to minors,” The Record, March 8, 2024, available at https://therecord.media/dozens-of-data-brokers-disclose-selling-info-on-kids-geolocation-data-reproductive-health; California Privacy Protection Agency, “Data Broker Registry,” available at https://cppa.ca.gov/data_broker_registry/ (last accessed December 2024).
  39. Secure Privacy, “What is CCPA? Learn all about CCPA here on our website!”, April 19, 2023, available at https://secureprivacy.ai/blog/what-is-ccpa; Data broker registration: accessible deletion mechanism, S.B. 362, California Senate (October 10, 2023), available at https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362.
  40. Secure Privacy, “California’s Data Deletion Law: Understanding the California Delete Act for Regulating Data Brokers,” February 6, 2024, available at https://secureprivacy.ai/blog/california-delete-act-guide.
  41. California Department of Justice, Office of the Attorney General, “California Consumer Privacy Act (CCPA),” March 13, 2024, available at https://oag.ca.gov/privacy/ccpa.
  42. Bernstein, “Data Minimization: Bolstering The FTC’s Health Data Privacy Authority.”
  43. Ayoub and Goitein, “Closing the Data Broker Loophole.”
  44. Frye and Givens, “Digital Surveillance Supercharges Abortion Criminalization. Closing the Data Broker Loophole Is Urgent.”
  45. National Association of Criminal Defense Lawyers, “The Data Broker Loophole is a Threat to Civil Rights,” available at https://www.nacdl.org/getattachment/1f25febe-e56e-40ea-b37f-fba358812a6b/civil-rights-and-data-purchases.pdf (last accessed December 2024).
  46. United States Courts, “What Does the Fourth Amendment Mean?”, available at https://www.uscourts.gov/about-federal-courts/educational-resources/about-educational-outreach/activity-resources/what-does-fourth-amendment-mean (last accessed December 2024); Frye and Givens, “Digital Surveillance Supercharges Abortion Criminalization. Closing the Data Broker Loophole Is Urgent”; National Association of Criminal Defense Lawyers, “The Data Broker Loophole is a Threat to Civil Rights.”
  47. Alicia Puente Cackley, “Testimony Before the Senate Committee on Banking, Housing, and Urban Affairs: Consumer Privacy: Changes to Legal Framework Needed to Address Gaps,” June 11, 2019, available at https://www.gao.gov/products/gao-19-621t.
  48. Hamed Aleaziz and Caroline Haskins, “DHS Authorities Are Buying Moment-By-Moment Geolocation Cellphone Data To Track People,” BuzzFeed News, October 30, 2020, available at https://www.buzzfeednews.com/article/hamedaleaziz/ice-dhs-cell-phone-data-tracking-geolocation.
  49. Byron Tau and Michelle Hackman, “Federal Agencies Use Cellphone Location Data for Immigration Enforcement,” The Wall Street Journal, February 7, 2020, available at https://www.wsj.com/articles/federal-agencies-use-cellphone-location-data-for-immigration-enforcement-11581078600.
  50. Shreya Tewari and Fikayo Walter-Johnson, “New Records Detail DHS Purchase and Use of Vast Quantities of Cell Phone Location Data,” American Civil Liberties Union, July 18, 2022, available at https://www.aclu.org/news/privacy-technology/new-records-detail-dhs-purchase-and-use-of-vast-quantities-of-cell-phone-location-data; American Civil Liberties Union, “ACLU v. Department of Homeland Security (commercial location data FOIA),” July 18, 2022, available at https://www.aclu.org/cases/aclu-v-department-homeland-security-commercial-location-data-foia.
  51. Drew Harwell, “ICE investigators used a private utility database covering millions to pursue immigration violations,” The Washington Post, February 26, 2021, available at https://www.washingtonpost.com/technology/2021/02/26/ice-private-utility-data/.
  52. Bennett Cyphers, “How the Federal Government Buys Our Cell Phone Location Data,” Electronic Frontier Foundation, June 13, 2022, available at https://www.eff.org/deeplinks/2022/06/how-federal-government-buys-our-cell-phone-location-data.
  53. Bach and Wasilczuk, “Pregnancy as a Crime: A Preliminary Report on the First Year After Dobbs.
  54. Ibid.
  55. Martin Kaste, “Nebraska cops used Facebook messages to investigate an alleged illegal abortion,” NPR, August 12, 2022, available at https://www.npr.org/2022/08/12/1117092169/nebraska-cops-used-facebook-messages-to-investigate-an-alleged-illegal-abortion.
  56. Mitchell McCluskey, “A Nebraska mother who provided an illegal abortion for her daughter and helped dispose of the fetus gets 2 years in prison, report says,” CNN, September 23, 2023, available at https://www.cnn.com/2023/09/23/us/nebraska-abortion-pill-jessica-burgess/index.html.
  57. Surveillance Self-Defense, “Encryption,” available at https://ssd.eff.org/glossary/encryption (last accessed December 2024).
  58. Caroline Choi, “Big Tech’s Abortion Issue,” Harvard Political Review, June 6, 2023, available at https://harvardpolitics.com/big-techs-abortion/.
  59. Shefali Luthra, “Could Facebook messages be used in abortion-related prosecution?”, The 19th, July 19, 2023, available at https://19thnews.org/2023/07/abortion-laws-facebook-messages-digital-privacy/; Rina Torchinsky, “How period tracking apps and data privacy fit into a post-Roe v. Wade climate,” NPR, June 24, 2022, available at https://www.npr.org/2022/05/10/1097482967/roe-v-wade-supreme-court-abortion-period-apps.
  60. Accountable Tech, “Post-Roe, Google’s Data Collection and Policies Could Endanger Those Seeking Abortions” (Washington: 2022), available at https://accountabletech.org/wp-content/uploads/Googles-Data-Collection-and-Policies-Could-Endanger-Those-Seeking-Abortions.pdf.
  61. Jen Fitzpatrick, “Protecting people’s privacy on health topics,” Google, May 12, 2023, available at https://blog.google/technology/safety-security/protecting-peoples-privacy-on-health-topics/.
  62. Accountable Tech, “As Google Rolls Out New Privacy Commitments, Research Finds Company is Still Failing to Protect Privacy of Abortion Seekers” (Washington: 2024), available at https://accountabletech.org/research/as-google-rolls-out-new-privacy-commitments-research-finds-company-is-still-failing-to-protect-privacy-of-abortion-seekers/.
  63. Marlo McGriff, “Updates to Location History and new controls coming soon to Maps,” Google, December 12, 2023, available at https://blog.google/products/maps/updates-to-location-history-and-new-controls-coming-soon-to-maps/.
  64. Accountable Tech, “The Two Faces of Big Tech: How Big Tech Companies Lobby Against the Reforms They Publicly Endorse” (Washington: 2024), available at https://accountabletech.org/wp-content/uploads/The-Two-Faces-of-Big-Tech.pdf.
  65. Morgan Wilsmann, “The FTC’s New Report Reaffirms Big Tech’s Personal Data Overreach – What’s New?”, Public Knowledge, October 3, 2024, available at https://publicknowledge.org/the-ftcs-new-report-reaffirms-big-techs-personal-data-overreach-whats-new/.
  66. Federal Trade Commission, “A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services.”
  67. Kevin Collier, “What digital information could prosecutors use in abortion-related cases?”, NBC News, June 29, 2022, available at https://www.nbcnews.com/tech/security/abortion-digital-information-privacy-rcna35543.
  68. Cat Zakrzewski, Pranshu Verma, and Claire Parker, “Texts, web searches about abortion have been used to prosecute women,” The Washington Post, July 3, 2022, available at https://www.washingtonpost.com/technology/2022/07/03/abortion-data-privacy-prosecution/; Adam Schwartz, “Sen. Wyden Exposes Data Brokers Selling Location Data to Anti-Abortion Groups That Target Abortion Seekers,” Electronic Frontier Foundation, February 27, 2024, available at https://www.eff.org/deeplinks/2024/02/sen-wyden-exposes-data-brokers-selling-location-data-anti-abortion-groups-target.
  69. Nicole Lewis and Aala Abdullahi, “How Abortion’s Legal Landscape Post-Roe is Causing Fear and Confusion,” The Marshall Project, June 1, 2024, available athttps://www.themarshallproject.org/2024/06/01/abortion-supreme-court-roe-dobbs.
  70. Suzanne Bernstein, “The Role of Digital Privacy in Ensuring Access to Abortion and Reproductive Health Care in Post-Dobbs America,” American Bar Association, June 3, 2024, available at https://www.americanbar.org/groups/crsj/publications/human_rights_magazine_home/technology-and-the-law/the-role-of-digital-privacy-in-ensuring-access-to-reproductive-health-care/.
  71. McShane, “Big Tech Would Be Key to Delivering Project 2025’s Anti-Abortion Plans”; Sandvik, “How US police use digital data to prosecute abortions.”
  72. Ryan Phillips, “Infant death case heading back to grand jury,” Starkville Daily News, May 8, 2019, available at https://www.starkvilledailynews.com/infant-death-case-heading-back-to-grand-jury/article_cf99bcb0-71cc-11e9-963a-eb5dc5052c92.html; Elizabeth Kukura, “Punishing Maternal Ambivalence,” Fordham Law Review 90 (6) (2022): 2909–2922, available at https://ir.lawnet.fordham.edu/flr/vol90/iss6/16.
  73. Zakrzewski, Verma, and Parker, “Texts, web searches about abortion have been used to prosecute women”; Jia Tolentino, “We’re Not Going Back to the Time Before Roe. We’re Going Somewhere Worse,” The New Yorker, June 24, 2022, available at https://www.newyorker.com/magazine/2022/07/04/we-are-not-going-back-to-the-time-before-roe-we-are-going-somewhere-worse.
  74. Surveillance Self-Defense, “Mobile Phones: Location Tracking,” available at https://ssd.eff.org/module/mobile-phones-location-tracking (last accessed December 2024).
  75. Stuart A. Thompson and Charlie Warzel, “Twelve Million Phones, One Dataset, Zero Privacy,” The New York Times, December 19, 2019, available at https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html.
  76. Ibid.
  77. Alfred Ng, “‘A uniquely dangerous tool’: How Google’s data can help states track abortions,” Politico, July 18, 2022, available at https://www.politico.com/news/2022/07/18/google-data-states-track-abortions-00045906.
  78. Ibid.
  79. Sen. Ron Wyden (D-OR), “How women’s phones became a tool for abortion surveillance,” MSNBC, November 3, 2024, available at https://www.msnbc.com/opinion/msnbc-opinion/abortion-data-brokers-phones-google-apple-wyden-rcna178479; Sen. Wyden, “Re: Near Letter to FTC and SEC,” U.S. Senate, February 13, 2024, available at https://www.wyden.senate.gov/imo/media/doc/signed_near_letter_to_ftc_and_sec.pdf.
  80. Alfred Ng, “A company tracked visits to 600 Planned Parenthood locations for anti-abortion ads, senator says,” Politico, February 13, 2024, available at https://www.politico.com/news/2024/02/13/planned-parenthood-location-track-abortion-ads-00141172; Cecilia Marrinan, “Geofencing: The Overlooked Barrier to Reproductive Freedom,” Council on Foreign Relations, October 30, 2024, available athttps://www.cfr.org/blog/geofencing-overlooked-barrier-reproductive-freedom; Kinsey Crowley, “Anti-abortion ads used location data from 600 Planned Parenthood locations, senator says,” USA Today, February 14, 2024, available at https://www.usatoday.com/story/news/nation/2024/02/14/planned-parenthood-near-data-senator-ron-wyden-ftc-sec-letter/72594895007/; Byron Tau and Patience Haggin, “Antiabortion Group Used Cellphone Data to Target Ads to Planned Parenthood Visitors,” The Wall Street Journal, May 18, 2023, available at https://www.wsj.com/articles/antiabortion-group-used-cellphone-data-to-target-ads-to-planned-parenthood-visitors-446c1212.
  81. McShane, “Big Tech Would Be Key to Delivering Project 2025’s Anti-Abortion Plans.”
  82. Donna Rosato, “What Your Period Tracker App Knows About You,” Consumer Reports, January 28, 2020, available at https://www.consumerreports.org/health/health-privacy/what-your-period-tracker-app-knows-about-you-a8701683935/; Uma Patel and others, “Experiences of users of period tracking apps: which app, frequency of use, data input and output and attitudes,” Reproductive BioMedicine Online 48 (3) (2023), available at 10.1016/j.rbmo.2023.103599.
  83. Ornstein, “Federal Patient Privacy Law Does Not Cover Most Period-Tracking Apps.”
  84. Torchinsky, “How period tracking apps and data privacy fit into a post-Roe v. Wade climate.”
  85. Yevgeniy Reznik, “Survey Reveals the Apps Americans Trust Least with Their Data,” Security Data Recovery, October 3, 2023, available at https://www.securedatarecovery.com/blog/apps-people-trust-least; Eva Epker, “Survey Finds Women’s Health Apps Are Among the Least Trusted: What to Know and How to Keep Your Data As Safe As Possible,” Forbes, May 16, 2023, available at https://www.forbes.com/sites/evaepker/2023/05/16/survey-says-womens-health-apps-are-among-the-least-trusted-what-to-know-and-how-to-keep-your-data-as-safe-as-possible/.
  86. CBS News Miami, “Consumer Reports Finds Some Privacy Issues With Women’s Health Apps,” January 22, 2020, available at https://www.cbsnews.com/miami/news/privacy-issues-women-health-apps/; Lesley Fair, “Health app broke its privacy promises by disclosing intimate details about users,” Federal Trade Commission, January 13, 2021, available at https://www.ftc.gov/business-guidance/blog/2021/01/health-app-broke-its-privacy-promises-disclosing-intimate-details-about-users.
  87. Federal Trade Commission, “Developer of Popular Women’s Fertility-Tracking App Settles FTC Allegations that It Misled Consumers About the Disclosure of their Health Data,” Press release, January 13, 2021, available at https://www.ftc.gov/news-events/news/press-releases/2021/01/developer-popular-womens-fertility-tracking-app-settles-ftc-allegations-it-misled-consumers-about; Sam Schechner and Mark Secada, “You Give Apps Sensitive Personal Information. Then They Tell Facebook,” The Wall Street Journal, February 22, 2019, available at https://www.wsj.com/articles/you-give-apps-sensitive-personal-information-then-they-tell-facebook-11550851636.
  88. Irene Kim, Divya Vatsa, and Jake Laperruque, “Two Years After Dobbs: Analysis of State Laws to Protect Reproductive Healthcare Info from Interstate Investigations and Prosecutions” (Washington: Center for Democracy & Technology, 2024), available at https://cdt.org/wp-content/uploads/2024/06/2024-06-26-CDT-SS-Two-Years-After-Dobbs-Analysis-of-State-Laws-rep.pdf.
  89. Reproductive rights, A.B. 1242, California Senate (September 27, 2022), available at https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202120220AB1242.
  90. An Act Concerning The Provision Of Protections For Persons Receiving And Providing Reproductive Health Care Services In The State and Access To Reproductive Health Care Services In The State, Public Act 22-19, H.B. 5414, Connecticut General Assembly (May 5, 2022), available at https://legiscan.com/CT/text/HB05414/id/2579572.
  91. Concerning access to reproductive health care services and gender-affirming treatment in Washington state, H.B. 1469, Washington State Legislature (April 27, 2023), available at https://app.leg.wa.gov/billsummary?BillNumber=1469&Initiative=false&Year=2023#documentSection; Concerning access to reproductive health care services and gender-affirming treatment in Washington state, S.B. 5489, Washington State Senate, available at https://app.leg.wa.gov/billsummary?BillNumber=5489&Chamber=Senate&Year=2023.
  92. Addressing the collection, sharing, and selling of consumer health data, H.B. 1155, Washington State Legislature (April 27, 2023), available at https://apps.leg.wa.gov/billsummary?BillNumber=1155&Initiative=false&Year=2023; Grace Deng, “How Washington’s ‘shield law’ protects abortion patients coming from other states,” Washington State Standard, June 24, 2023, available at https://washingtonstatestandard.com/2023/06/24/how-washingtons-shield-law-protects-abortion-patients-coming-from-other-states/.
  93. Jolynn Dellinger and Stephanie K. Pell, “The criminalization of abortion and surveillance of women in a post-Dobbs world,” Brookings Institution, April 18, 2024, available at https://www.brookings.edu/articles/the-criminalization-of-abortion-and-surveillance-of-women-in-a-post-dobbs-world/.
  94. Digital Defense Fund, “Keep Your Abortion Private & Secure,” available at https://digitaldefensefund.org/ddf-guides/abortion-privacy (last accessed December 2024).
  95. Surveillance Self-Defense, “Mobile Phones: Location Tracking”; Surveillance Self-Defense, “Keeping Your Data Safe,” July 22, 2024, available at https://ssd.eff.org/module/keeping-your-data-safe.
  96. Surveillance Self-Defense, “Basics,” available at https://ssd.eff.org/module-categories/basics(last accessed December 2024).
  97. Rebecca Beitsch, “House passes bill requiring warrant to purchase data from third parties,” The Hill, April 17 2024, available at https://thehill.com/homenews/house/4601266-house-passes-bill-requiring-warrant-to-purchase-data-from-third-parties/; Fourth Amendment is Not for Sale Act of 2024, H.B. 4639, 118th Cong., 2nd sess. (July 14, 2024), available at https://www.congress.gov/bill/118th-congress/house-bill/4639; U.S. Department of Justice, “Electronic Communications Privacy Act of 1986 (ECPA),” available at https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 (last accessed December 2024).
  98. Ayoub and Goitein, “Closing the Data Broker Loophole”; American Civil Liberties Union, “After House Passes Fourth Amendment Is Not For Sale Act, ACLU Urges Senate to Stop Government from Spying on Americans Without a Warrant,” Press release, April 17, 2024, available at https://www.aclu.org/press-releases/house-passes-fourth-amendment-is-not-for-sale-act(last accessed December 2024).
  99. Ayoub and Goitein, “Closing the Data Broker Loophole.”
  100. American Privacy Rights Act of 2024, H.R. 8818, 118th Cong., 2nd sess. (June 25, 2024), available at https://www.congress.gov/bill/118th-congress/house-bill/8818/text (last accessed December 2024).
  101. American Privacy Rights Act of 2024, Discussion Draft, 118th Cong., 2nd sess. (May 21, 2024), available at https://d1dth6e84htgma.cloudfront.net/PRIVACY_04_xml_d1d6b82f10.pdf.
  102. U.S. House Committee on Energy and Commerce, “Committee Chairs Rodgers, Cantwell Unveil Historic Draft Comprehensive Data Privacy Legislation,” Press release, April 7, 2024, available at https://energycommerce.house.gov/posts/committee-chairs-rodgers-cantwell-unveil-historic-draft-comprehensive-data-privacy-legislation.
  103. Congressional Research Service, “The American Privacy Rights Act” (Washington: 2024), available at https://crsreports.congress.gov/product/pdf/LSB/LSB11161.
  104. U.S. House Committee on Energy and Commerce, “Innovation, Data, and Commerce Subcommittee Markup Recap: Monumental Step Forward for Data Privacy and Kids Online Safety,” May 23, 2024, available at https://energycommerce.house.gov/posts/innovation-data-and-commerce-subcommittee-markup-recap-monumental-step-forward-for-data-privacy-and-kids-online-safety.
  105. My Body, My Data Act of 2023, S. 1656, 118th Cong., 1st sess. (May 17, 2023), available at https://www.congress.gov/bill/118th-congress/senate-bill/1656?q=%7B%22search%22%3A%22my+body+my+data%22%7D&s=1&r=2.
  106. Reproductive Data Privacy and Protection Act of 2024, H.R. 7841, 118th Cong., 2nd sess. (March 29, 2024), available at https://www.congress.gov/bill/118th-congress/house-bill/7841/text; Office of Congressman Ted Lieu (D-CA), “Reps Lieu, Jacobs, Ross, Scholten and Frost Introduce Bill To Protect Americans’ Reproductive Data Privacy,” Press release, March 28, 2024, available at https://lieu.house.gov/media-center/press-releases/reps-lieu-jacobs-ross-scholten-and-frost-introduce-bill-protect.

The positions of American Progress, and our policy experts, are independent, and the findings and conclusions presented are those of American Progress alone. A full list of supporters is available here. American Progress would like to acknowledge the many generous supporters who make our work possible.

Author

Kierra B. Jones

Senior Policy Analyst

Team

Women’s Initiative

The Women’s Initiative develops robust, progressive policies and solutions to ensure all women can participate in the economy and live healthy, productive lives.

This field is hidden when viewing the form

Default Opt Ins

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

Variable Opt Ins

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.