Navigating Data Privacy in Post-Roe America

Authors

• 

  Hannah Darnton

  Director, Technology and Human Rights, BSR

  

  ---

  

  Hannah Darnton

  Director, Technology and Human Rights, BSR

  

  San Francisco

  ---

  Hannah works with multinational companies to align business and human rights strategies and facilitate incorporation of sustainable practices into business operations across sectors.

  She focuses on the intersection of human rights and new, disruptive technology and leads the Tech Against Trafficking collaborative initiative.

  Prior to joining BSR, Hannah worked with the Skoll Foundation, where she co-led the portfolio and investments team’s efforts to identify social entrepreneurs with the potential to drive large-scale social change. Her work led to over US$20 million in grants and investments between 2015 and 2018. Before Skoll, Hannah spent six years working in anti-human trafficking in West Africa, Southeast Asia, and the Bay Area. She is fluent in French.

  Hannah holds a Master’s in NGOs and Development from the London School of Economics and a B.A. in Political Science and French from the University of Michigan. She currently serves on the advisory boards of Oxfam’s Women in Small Enterprise initiative and Convening17.

  Close

• Samone Nigam

  Manager, Technology and Human Rights, BSR

  

  ---

  Samone Nigam

  Manager, Technology and Human Rights, BSR

  

  San Francisco

  ---

  Samone works with BSR member companies in human rights and technology, with a focus on the impact of technologies on marginalized communities.

  Prior to joining BSR, Samone conducted research for a variety of agencies including the World Wide Web Foundation, UN Women, and the Office of the NYC Public Advocate. Her research takes a social justice focus informed by her experience in the nonprofit sector working directly with underrepresented populations like the LGBTQI+ community, immigrants and asylum seekers, sex workers, survivors of domestic abuse and sexual assault, and people seeking safe abortion.

  Samone holds a master’s degree in human rights from Columbia University’s School of International and Public Affairs and a bachelor’s degree in community studies from the University of California, Santa Cruz.

  Close
• 

  Jen Stark

  Co-Director, Center for Business and Social Justice, BSR

  

  ---

  

  Jen Stark

  Co-Director, Center for Business and Social Justice, BSR

  

  Washington, D.C.

  ---

  Jen is the Co-Director of the Center for Business and Social Justice. She is a strategy development and implementation expert at complex health and humanitarian organizations with 20+ years of experience. She launched the Center in 2022 alongside Jarrid Green to illuminate a path for companies to shift from performative to transformational actions with a focus on public policy engagement and influence. 

  Prior to joining BSR, she directed investments at the Tara Health Foundation to advance meaningful change among private sector employers on gender and racial equity, including historic progress on paid family and medical leave, reproductive health, and other workplace protections. Before working in philanthropy, she founded the corporate relations program at Planned Parenthood Federation of America to unlock advocacy, grantmaking and employee support to preserve access to reproductive healthcare nationwide. She also managed the disaster fundraising team at the American Red Cross, coordinating large scale efforts to responsibly raise and deploy hundreds of millions of dollars. She is frequently cited in business press on flashpoint topics and is an advisor to Gauge.ai and GoFundMe’s Compassion Leadership Network. 

  Jen holds a BA in Economics and Political Science from the University of North Carolina at Chapel Hill and is based in Washington, DC with her family, where she also plays cello in a community orchestra.   

  Close

Key Points

• Since the overturning of Roe v Wade, 24 states have enacted full restrictions on abortion access.
• The past year has posed unsettling questions about how data collected by companies could be used as evidence against individuals seeking abortion.
• From data-minimization practices, to increased privacy protection, BSR’s Human Rights and Tech team provide key recommendations for technology companies in post-Roe America.

One year ago, the US Supreme Court overturned the landmark 1973 ruling which established constitutional protection for abortion. The overturning of Roe v Wade enabled state governments to impose new restrictions, bans, and trigger laws on abortion and reproductive rights, severely curtailing human rights including access to healthcare, access to information pertaining to family planning, and the right to privacy, among others.

A year later, the policy landscape surrounding abortion remains uncertain and subject to ongoing litigation.

Legislative Developments

The past year has seen abortion access curtailed across the nation. Since the overturning of Roe, 24 states have enacted full bans or significant restrictions on abortion access, and active litigation in many states continues to cause confusion for providers and patients. Today, 25 million women of childbearing age now live in states with bans or restrictions on abortion.

State-level regulations on abortion and reproductive healthcare do not stop with bans and restrictions. A handful of states are regulating services connected to reproductive rights as well: Texas has recently introduced bills which would ban credit card companies from processing abortion-related transactions and would require internet service providers to ban access to websites that provide abortion information or facilitate access to abortion.

There are ongoing counter efforts to codify access to abortion at the national level, and state initiatives to pass legal protections, however, abortion-related cases continue to be disputed at the federal level. In April, the US Supreme Court blocked a proposed restriction on the drug, Mifepristone (part of the two-drug regimen for medication abortion); nonetheless, this case continues to unfold. And in May, a bill known as the “My Body, My Data Act of 2023,” was introduced to the Senate. If passed, it would protect sensitive sexual and reproductive health data by establishing data minimization requirements and enshrining individuals’ right to access and delete their sensitive health data.

User Data and Abortion

Amid the regulatory turmoil, a variety of questions have arisen about the role of data—and the companies collecting data—in both amplifying and addressing risks.

The past year has posed unsettling questions about how data collected by companies may be used to infer rightsholders’ abortion and reproductive statuses and what happens when law enforcement agencies demand that this data is shared with them.

Early cases caught the public’s attention, including one example involving a Nebraskan woman who was arrested for helping her daughter access an abortion after Meta was legally required to hand over her Facebook Messenger communications to law enforcement. Since then, there has been growing concern about the types of data that can be used to incriminate abortion seekers and providers such as payment data, location data, and menstrual app data.

For example, Google has pledged that it will not store location history for visits to abortion centers; however, some believe that the company has struggled to fully implement this pledge in its entirety, claiming some inconsistency with sensitive location history data. The company is currently involved in a class action lawsuit for tracking data from healthcare providers’ websites, including Planned Parenthood.

However, it is not just large technology companies that face these risks — companies in ad-tech, financial services, retail, and consumer healthcare do too. Companies like fertility-tracking app, Flo Health, and analytics company, Kochava, have faced penalties from the Federal Trade Commission for selling sensitive reproductive health data and location data from reproductive healthcare clinics respectively.

One year after the overturning of Roe, one thing remains the same: the evolving nature of the political environment and state legislation creates a challenging environment for companies to navigate abortion and reproductive rights related issues responsibly; with real consequences for rightsholders seeking timely access to reproductive care.

BSR makes the following recommendations for companies collecting data (including, but not limited to technology companies) to safeguard the rights and privacy of abortion seekers and providers:

Recommendations

1. Undertake human rights due diligence to identify risks to sexual and reproductive health that may be associated with the development or use of new or existing platforms, devices, products / product features. As part of their due diligence, companies should also consider state restrictions on reproductive rights or bans on abortion when deciding on the location of offices, data centers, or other assets that might give a state jurisdiction over the user data that the company holds.
2. Apply best practice privacy principles, such as data minimization, purpose limitations, purpose-based data retention, and user transparency and control.
3. Provide users with transparency about data practices, particularly for data pertaining to reproductive health. Increase the level of transparency users have on the types of data collected, how it is stored, how long it is stored, and with whom it is shared.
4. Embed guidance and support on privacy into the product or platform to protect users seeking sexual and reproductive healthcare services. This may take the form of click through prompts about password security, how to set up multi-factor authentication, or ways to protect privacy when users search for information pertaining to sexual and reproductive healthcare services.
5. Deploy end-to-end encryption on private messaging services.
6. Set default privacy settings to the highest level of privacy protection. Privacy protections should be based on an opt-out model, not an opt-in model.
7. Continue investing in efforts to ensure that policy commitments (e.g., “sensitive area” location data collection) are effectively implemented in practice.
8. Apply human rights principles (such as the Global Network Initiative Principles and Implementation Guidelines) when responding to government or law enforcement demands for user data.
9. Notify users when a government or law enforcement demand has been made for their data, when legally able to do so.
10. Support legislation intended to protect the right to abortion and the privacy of abortion-related data, including federal level privacy protections.

For further information, including how BSR can support you with conducting human rights due diligence related to privacy and data risks and reproductive services, please contact the team.