By Taylor M. Sorrells
Since the recent U.S. Supreme Court decision in Dobbs v. Jackson Women’s Health Organization, ending the federal constitutional protection of abortion rights,[1] there has been legal uncertainty surrounding how to protect personal data held by third-party apps and software.[2] Specifically, some commentators are concerned that prosecutors in states that have criminalized abortion will access electronic data such as healthcare records, geolocation data, phone call, text message records, and financial statements to prosecute those suspected of obtaining abortions.[3]
The U.S. Constitution provides very limited protection for data privacy. While the Fourth Amendment offers general protections against unreasonable searches and seizures by government officials,[4] most seizures of data in the abortion context will not be barred by the Fourth Amendment, so long as the prosecutor seeking to access the data obtains a search warrant.[5] Further, the Supreme Court has recognized that, in some cases, law enforcement can subpoena data from third parties without triggering the requirements of the Fourth Amendment—thus requiring no warrant.[6]
While the constitutional protections for data privacy are rather weak, several federal privacy statutes may offer some protection for those seeking reproductive healthcare.[7] However, there is only limited potential for current federal privacy laws to protect the majority of individuals seeking abortions in states that have criminalized the procedure because most of these laws include law enforcement exceptions, which enable third parties to disclose data to law enforcement officials without consumer consent.[8]
In an executive order dated July 8, 2022, the Biden administration, seeking to strengthen federal protections for abortions, ordered the Federal Trade Commission (FTC) chair to “consider actions, as appropriate and consistent with applicable law . . . to protect consumers’ privacy when seeking information about and provision of reproductive healthcare services.”[9] Under the FTC Act, the FTC has broad authority to address consumer privacy violations by diverse entities.[10] Similarly, President Biden instructed the Secretary of the Department of Health and Human Services (HHS) to strengthen existing privacy protections for individuals seeking reproductive healthcare.[11]
While the order signals the Biden administration’s interest in preserving data privacy rights within the reproductive healthcare context, for abortion advocates, it will not likely provide sufficient protection because of the law enforcement exceptions that are written into most of the statutes from which these executive agencies derive their authority.[12] Further, the Health Information Portability and Accountability Act (HIPAA), which HHS administers, has a privacy rule which specifically allows abortion providers to share information with law enforcement, and some state laws require sharing under certain circumstances.[13] Because of these weaknesses in current federal law, commentators believe that absent a change in law or a new rulemaking, patients’ sensitive data will remain at risk.[14]
Post-Dobbs, members of Congress have proposed several bills intended to preserve reproductive health data rights.[15] One of the strongest bills proposed so far is the My Body, My Data Act, which would require the FTC to enforce a national privacy standard for reproductive health data collected by third-party apps, cell phones, and search engines.[16] The bill has been introduced in both the House and Senate, but with the Senate deeply divided on the issue of abortion, its future remains uncertain.[17]
Without stronger federal privacy laws, in most cases, prosecutors in states that have criminalized the procedure will be able to use suspected abortion-seekers’ electronically stored data as evidence against them in criminal prosecutions. For many commentators, new federal laws governing data protection have been long overdue.[18] However, in the post-Dobbs era, abortion advocates’ calls for increased data privacy protection have taken on a new urgency.
Keep an eye on this evolving area of the law.
[1] 142 S. Ct. 2228 (2022) (overruling Roe v. Wade, 410 U.S. 113 (1973), and Planned Parenthood v. Casey, 505 U.S. 833 (1992)).
[2] Abby Vesoulis, How a Digital Abortion Footprint Could Lead to Criminal Charges—And What Congress can do About it, Time (May 10, 2022, 4:20 PM), https://time.com/6175194/digital-data-abortion-congress.
[3] Id.
[4] U.S. Const. amend. IV.
[5] Riley v. California, 573 U.S. 373, 377 (2014) (holding that police must obtain a warrant before searching a seized cell phone).
[6] United States v. Miller, 425 U.S. 435, 446 (1976) (upholding the warrantless subpoena of bank records); Smith v. Maryland, 442 U.S. 735, 745–46 (1979) (ruling that law enforcement did not need a warrant to access phone records).
[7] See, e.g., Health Information Portability and Accountability Act of 1996, Pub. L. No. 104-191, 110 Stat. 1936 (imposing federal privacy requirements upon entities within the healthcare industry); Gramm-Leach-Bliley Act, Pub. L. No. 106-102, 113 Stat. 1338 (1999) (requiring entities within the banking industry to protect customer data); Stored Communications Act, 18 U.S.C. 121 §§ 2701–12 (1986) (addressing data privacy within electronic communications); Privacy Act of 1974, 5 U.S.C. § 552a (safeguarding data privacy within federal agencies).
[8] Chris D. Linebaugh, Cong. Rsch. Serv., LSB10786, Abortion, Data Privacy, and Law Enforcement Access: A Legal Overview, at 3 (2022).
[9] Exec. Order No. 14076, 87 FR 42053 (2022).
[10] See Federal Trade Commission Act of 1914, 15 U.S.C. §§ 41-58.
[11] Exec. Order No. 14076.
[12] Linebaugh, supra note 8.
[13] Allie Reed & Christopher Brown, Abortion Privacy Push Pits Biden Against Criminal Laws in States, Bloomberg Law (Aug. 3, 2022, 5:45 AM), https://www.bloomberglaw.com/bloomberglawnews/health-law-and-business/XEHPIBOK000000?bna_news_filter=health-law-and-business#jcite.
[14] Id.
[15] E.g., Stop Anti-Abortion Disinformation Act, S. 4469, 117th Cong. (2022) (directing the FTC to prescribe rules prohibiting disinformation in advertisements for abortion services); Health and Location Data Protection Act, S. 4408, 117th Cong. (2022) (prohibiting data brokers from selling and transferring certain sensitive data).
[16] H.R. 8111, 117th Cong. (2022).
[17] Nik Popli & Vera Bergengruen, Lawmakers Scramble to Reform Digital Privacy After Roe Reversal, Time (July 1, 2022, 12:44 PM), https://time.com/6193224/abortion-privacy-data-reform.
[18] See, e.g., Cameron F. Kerry, Why Protecting Privacy is a Losing Game Today—and how to Change the Game, Brookings (July 12, 2018), https://www.brookings.edu/research/why-protecting-privacy-is-a-losing-game-today-and-how-to-change-the-game.
Image Source: https://www.nbcnews.com/tech/security/abortion-clinics-providers-digital-privacy-roe-overturn-rcna30654