(NewsNation) — The leaked Supreme Court draft opinion that could potentially overturn Roe v. Wade is raising questions about data privacy on health tracking apps.
Be it location data, social media posts or search histories — online records will carry greater risk if the constitutional right to an abortion is lost, researchers say.
Anti-abortion groups could use data to target pregnant women with ads as they walk into health clinics and private companies could sell a pregnant person’s location data. Law enforcement could also pore over search histories to mount prosecutions — of women who end their pregnancy or those who help them — in states with restricted access.
Logging period information into an app isn’t inherently dangerous, said Beau Friedlander, cybersecurity expert and co-host of the “What the Hack Podcast Adam Levin.” But since health tracking apps in the U.S. aren’t bound by HIPAA privacy rules, that information could potentially resurface in the criminal prosecution, depending on the circumstances, he said.
“If Roe and Casey are no longer the law of the land, I think that you would do well to avoid using a cycle tracking app and, for sure, entering your cycle information into any sort of health tracking app until the law is reverted … there’s no reason to open yourself up to that kind of risk.”
Companies that run popular menstrual cycle tracking apps have received messages from users who want to ensure their pregnancy and abortion information remain private.
“We’ve had messages from users concerned about how their data could be used by US courts if Roe vs Wade is overturned,” period-tracking app company Clue tweeted Wednesday. “We completely understand this anxiety, and we want to reassure you that any health data you track in Clue about pregnancy or abortion is private and safe.”
Vice reported that it paid $160 for a week’s worth of data from broker SafeGraph. That data showed where people who visited more than 600 Planned Parenthood clinics went before and after their visit.
The SafeGraph CEO told NewsNation in a statement: “We only sell data about physical places (not individuals). Our data is available to anyone to buy.”
Following this week’s leak, SafeGraph said it stopped selling information on visits to abortion clinics, noting “it’s good we were called out.”
But SafeGraph is just one of dozens of data collectors that share personal details.
Last year, menstrual cycle tracking app Flo Health settled Federal Trade Commission allegations that the company shared user health information with outside data analytics providers after promising to keep the information private.
On Wednesday, the company assured users their information was safe.
“We have heard concerns surrounding data privacy should Roe v. Wade be overturned. We understand these concerns and want to assure you that your data is safe with Flo,” the company tweeted. “Flo does not share health data with any third party. In fact, in March 2022 Flo completed an external, independent privacy audit which confirmed there are no gaps or weaknesses in our privacy practices. Beyond this, the audit confirmed that our privacy efforts are fully compliant with the EU-US Privacy Shield Framework Principles.”
Clue offered similar assurance. Clue’s privacy policy says it may disclose information it collects — including personal data — when required to by law. The company, however, is based in Berlin and must apply special protections to users’ reproductive health data under European Union law, the company said.
“The silver lining here is that it’s a great opportunity for people to practice better cyber hygiene,” Friedlander said. “And what that looks like is not oversharing on social media. It looks like making sure your privacy settings are as tight as you can possibly make them. When it comes to data being shared to third parties, it does mean reading the reviews for apps or … Googling those apps (and) making sure that they’re aligned with your your worldview and your beliefs.”
Reuters contributed to this story.