Roe v. Wade’s overturn: The impact on data protection and law enforcement

MicrosoftTeams-image - 2022-07-01T153131.389

Article originally published on the IAPP website. You can check out the article here.

On June 24, the U.S. Supreme Court overturned Roe v. Wade, confirming the understanding contained in the draft decision leaked in early May. Roe v. Wade is a paradigmatic decision that secured the constitutional right to abortion in the country in 1973. After 49 years, it came to an end.

The recent decision allows a number of U.S. states to adopt laws criminalizing abortion in a short time. It is thought that approximately half of the U.S. states will ban or severely restrict the practice. This is representative of the expansive criminalization trend of women seeking or having abortions, abortion clinics or even fundraisers for abortion care in that country.

It is worth noting that several states were already taking steps to make it more difficult to exercise the right to abortion before Roe v. Wade was overturned. In late 2021, Texas enacted Senate Bill 8, which banned abortions after six weeks of gestation and encouraged people to report individuals seeking abortions or those willing to help them to law enforcement for a financial reward. Now that the decision has been overturned, this example may become the rule.

Along with the abolishment of the right to abortion, the decision threatens the right to privacy.

Regarding this matter, some questions arise: what happens when a legal action becomes illegal in a short time? What happens when personal reproductive health data handled by several companies become potential evidence of a crime?

Moreover, what are the consequences when this happens in a country that does not have comprehensive data protection legislation to regulate the processing of reproductive health data? Or does not have systemic legislation on the right to the protection of personal data in law enforcement activities, as is the case in the U.S.?

Today, information about whether a particular woman has decided to have an abortion can be inferred in different ways. It can be found in period tracking applications, online searches for abortion pills, employee medical records, geolocation tools, and, of course, in physical or digital health care platforms. In the case of fundraisers for abortion care, this data may also be found on payment and credit transfer platforms.

Obtaining access to this kind of data is not exactly difficult. Shortly after the Supreme Court draft was leaked, a reporter purchased aggregate data from people who visited more than 600 legal abortion clinics around the country for $160. The data showed where people came from, how long they stayed at the clinics and where they went afterward.

In 2020, GoodRx, a pharmaceutical discount company reportedly sold health information to marketing companies, including Google and Facebook, about the types of drugs people searched for. After a Consumer Report investigation, the company updated its practice, strengthening privacy controls. It does not seem unlikely that a similar situation could occur again with abortion-related drug searches.

Also, it is worth mentioning the Target case, in which the chain, through consumption pattern algorithms, discovered a teenager was pregnant before her family even knew it. And the teenager didn’t need to buy diapers or pregnancy tests for the company to reach this conclusion.

Allied to the availability of reproductive health information and the practically nonexistent systemic regulation of data protection in the U.S. is that these platforms were designed for an environment where it seemed unimaginable that Roe would be overturned. In other words, there was no general concern about whether certain information could lead to a woman’s arrest when these platforms were designed and constituted.

The reality shows that most companies processing data potentially related to abortion are not yet ready for the consequences of criminalization, mainly because they have not implemented administrative and technical measures to protect this information.

There are two possible uses of data related to reproductive health by law enforcement agents in the context of criminalization. The first is when the state uses it as evidence in an investigation or prosecution. For example, a woman is admitted to an emergency room claiming to have had a miscarriage. Upon suspicion, the nursing staff reports her to the authorities, who may then request access to her search history to verify searches for abortion pills.

The second is when technologies are employed for intensive monitoring of suspicious conduct by law enforcement in the context of dragnet surveillance. For example, monitoring the number of searches for abortion pills in one week on devices in a particular city.

If women, clinics and fundraisers shared abortion-related data in confidence before Roe v. Wade was overturned, this data would become a threat to themselves.

This type of data can fall into the hands of anti-abortion activists or law enforcement authorities with harsh consequences for data subjects. The discriminatory potential of health or financial information becomes greater with criminalization since we would be facing the stigma of “delinquency” and the concrete possibility of criminal punishment (which can be the same as the penalty for homicide in some localities).

After analyzing these cases, we are faced with the general need to balance state power with fundamental rights and freedoms, including privacy and data protection, to seek legitimacy for enforcement measures. It is thinking about how to apply the principles of legality and proportionality to the actions of police and judicial authorities. Without the protection of individual guarantees and liberties and limits to the punitive and vigilant state power, what is left is authoritarianism and excessive surveillance.

In addition to thinking about how companies can protect personal data in their activities or even how people can protect their data, it is urgent to debate new forms of regulation. In this sense, it is worth questioning the limitations of obtaining personal data by law enforcement authorities, including the limits on sharing between public and private agents when the purpose is law enforcement.

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp