The Supreme Court’s ruling overturning Roe v. Wade – and the return of restrictive state abortion rules, including those in Texas – have led tech and legal experts to warn about the privacy risks associated with period-tracking apps. Privacy advocates say data about monthly cycles, sexual activity or pregnancy status could potentially be used as evidence that someone was seeking an abortion. But just how great is that risk, and what, if anything can be done to ensure the privacy of your reproductive health data?
Texas Standard producer-reporter Shelly Brisbin says understanding how mobile apps, including period trackers, use and secure data is the key to protecting information about reproductive health. Listen to the interview above or read the transcript below.
This transcript has been edited lightly for clarity:
Texas Standard: What kinds of risks does using a period tracker actually pose, and how could this data be used to identify someone seeking an abortion?
Shelly Brisbin: Well, a period tracker gathers information about your cycles, not only when your cycle is supposed to happen, but whether there are irregularities in your cycle that might indicate that a pregnancy had begun, or that a pregnancy has ended and the cycle had changed. So that kind of information could be useful to government or to anyone who wanted to track the status of somebody who might be seeking an abortion or considering one.
But it’s not just period tracking, right? What other kinds of health tracking data could be used to identify someone seeking an abortion?
Fertility tracking, for the same reason, because in fertility tracking, you’re probably providing even more detailed information, perhaps, about your sexual activity, the timing of your attempts to get pregnant.
And then, generally speaking, health data – so your text messages or your searches for abortion information. An example I read mentioned a text message where somebody says to her sister, ‘I’m pregnant’ and maybe they’re not intending that to happen. So any kind of data that you’re transmitting in a mobile context could potentially, and has been, used to track what people are doing in terms of their reproductive health care.
Well, the implications could be huge. What are you hearing about how the tech industry is trying to deal with these questions that more and more people are asking?
The period tracker apps – and there are a lot of them out there – have been asked to basically affirm that they’re going to protect people’s privacy. And there’s been a lot of variation in how they’ve done that. There are a couple of apps, including Clue, which is a European based app that says they abide by the European GDPR privacy regulations and they have promised that they’re not going to sell information, nor are they going to give it away to authorities. You’re going to have to decide whether you trust a company’s promise.
Then there are other companies like Flo that’s creating an anonymous mode so that you can track your period without having to give email or other information. And that’s just coming online. They had planned to do that before the ruling by the Supreme Court, but apparently that process is accelerating.
But of course, that still leaves a lot of room for doubt and concern because you don’t know, as you were suggesting, just how much these companies are going to abide by their publicly stated positions. And with so much at stake, what should people do – not just in regards to these apps, but also more generally in what they’re communicating over the phone?
I think, first and foremost, if a company gives a privacy statement, you should read it. And whatever terms and conditions you have to click to accept, you should absolutely read those more carefully than you might otherwise. If you want to protect your phone data, generally be aware of settings in your operating system – Apple’s iOS and Android. Apple makes a show of privacy settings that allegedly will keep your data a little more secure. But again, be watchful of that. And remember that things like location data and, as I mentioned before, text messages and searches, could potentially be at risk. So it’s just a matter of generally being much more privacy aware than you might previously have been, even if you’re not necessarily seeking an abortion right now.
There are some people out there who have suggested deleting all of these apps, just as a general matter. And the consensus that I’m reading online from people who’ve thought about this for a while is, it’s not necessary to do that right away because there are not any extant state laws that could be problematic. But it could happen. So understanding what’s happening to your data and perhaps dealing with a company that doesn’t store data in the cloud that could be susceptible to authorities’ subpoenas is probably a good start.