The overturning of the 1973 landmark Roe v. Wade by the US Supreme Court last Friday comes with a host of digital privacy concerns for US women seeking healthcare.

US women may not be aware that their phone’s data, social media, browsing and location history, and their ISP’s records of their internet activity could all be used as evidence if they face state criminal or civil charges for a miscarriage. Even before the overturning of the decision, digital trails of abortion seekers have been presented as criminal evidence against them in US states where abortions are prosecuted.

If you are in the United States and you are using a period tracking app, today is good day to delete it before you create a trove of data that will be used to prosecute you if you ever choose to have an abortion.https://t.co/7L7LaQizgx

— Eva (@evacide) May 3, 2022

Femtech products collect more than just period data

But a bigger threat to women than their Google searches, may come from their use of Femtech. An estimated 50 million women worldwide use Femtech, tech products focusing on women’s health, such as period tracker apps. These products are marketed as tools for those trying to have a baby, wanting to prevent pregnancy, or monitoring menstrual-related health problems. But the apps can also collect personal information that can go far beyond dates of a period including; how often you have sex; if you are trying to have a baby; and whether you engage in unprotected sex or have had a miscarriage.

In the US, unlike medical records held by doctors and hospitals, information like this collected by Femtech isn’t covered a federal law that limits how providers can share the information. This means users have no guarantee that their sensitive data won’t be shared in some way with third parties.

Five of the most popular period tracking apps; BabyCenter, Clue, Flo, My Calendar, and Ovia were recently studied for a research report on Femtech privacy.

Some made it easy for users to understand what data their app collects and how it’s shared, as well as providing ways for users to limit who can get their personal information or how it’s used. But none guarantee that all of a user’s information will be used only in ways they intend, because they all share some user data with external partners for purposes such as targeted advertising. Those partners may also then share or resell personal information further to other parties who also make no promises about how they handle it.

Even if user data is de-identified by removing identifiable information such as name or email address, it can be combined with other information – such as location, contacts, or unique identifiers in a phone – and traced back to the user, research suggests.

“It is the ability of a mobile app to collect far more data about you than you’re telling it that can be harmful.”

Jennifer King, Director of Consumer Privacy, Stanford Law Center for Internet and Society.

Abortion ‘bounty hunters’ can use data to earn their rewards

Law enforcement agencies have already targeted other digital sources such as Google searches for ‘abortion pills‘, text messages, and DNA databases to prosecute women for abortions and miscarriages.

With Roe v Wade being overturned, unauthorised sharing of Femtech data could now put women further at risk. In Oklahoma and Texas, so-called bounty hunter laws offer $10,000 or more to informants who assist in successfully prosecuting abortion providers and those who help those seeking abortion. With personal data relatively cheap to buy, plus the ability to de-anonymise it, informants could use data sourced from Femtech to identify abortion seekers and earn big rewards.

Privacy campaigners have warned about the dangers for years

Cybersecurity researchers have been calling for action around the privacy of abortion data for years and are now highlighting the geolocation-specific data gathered through mobile apps, being made available for purchase by third-party data brokers. And Big Tech, in the form of Google, Apple, Facebook and Twitter have readily handed over users’ personally identifiable data to law enforcement when requested to do so.

Women all over the world, not just those in the US affected by Roe V Wade, should think carefully about their use of Femtech and make sure they are informed about data policies and how to properly protect any sensitive personal date.

Paying attention to Femtech use

• Ask questions about any Femtech app you use: What is the data policy? Is it transparent? How is the app protecting its users?

• Use privacy controls. Check for options that allow you to opt out of permissions to sell your data or share it with external partners. Some apps clearly explain how to do this, often the details are buried in the privacy policy. Use your phone settings to limit permissions to location data or contacts. Change location setting to ‘while using’ or ‘ask’ for iPhone apps, and to ‘on’ or ‘off’ for Android.
• Avoid ad tracking. Use phone settings to limit ad tracking if you don’t want targeted ads to ‘follow’ you to social media platforms and potentially tip people off to conditions such as pregnancy. On iPhones, go to Settings, scroll down to ‘privacy,’ click on ‘tracking,’ and toggle off ‘allow apps to request to track’. For Android, go to ‘settings,’ scroll down to Google, and click on ‘ads,’ where you’ll find an option to opt out of ad personalisation.
• Watch what you share. Apps rely on consumers to volunteer information. But just because they ask doesn’t mean you have to answer and share your personal information.
• Use apps anonymously. If the option exists, don’t register with your email address or create an account (but be aware that your identity can still be compromised by merging with other personal data, as discussed above).