Some state governments and federal regulators were already moving to keep individuals’ reproductive health information private when a report from a U.S. senator last week provided a new shocker detailing how cell phone location data was used to send millions of anti-abortion ads to people who visited Planned Parenthood offices.
Federal law prohibits medical providers from sharing health data without a patient’s consent, but does not prevent digital technology companies from tracking menstrual cycles or an individual’s location and selling them to data brokers. Legislation for federal bans never gained momentum, largely because of opposition from the tech industry.
Whether that should change has become a new political fault line in a country where most Republican-controlled states have restricted abortion — including 14 with bans at any stage of pregnancy — and most Democratic states have tried to protect access since the US Supreme Court in 2022 overturned Roe v. Wade.
Abortion rights advocates fear that if such data is not kept private, it could be used not only in targeted advertising, but also in law enforcement investigations or by abortion opponents seeking to harm those who try to end pregnancies.
“It’s not just a little creepy,” said Washington state Rep. Vandana Slatter, the sponsor of a law her state passed last year to curb unauthorized use of health information. “It’s actually harmful.”
But so far there is no evidence of widespread use of this type of data in law enforcement investigations.
“We’re generally talking about a future risk, not something that’s already happening in practice,” said Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project and a protection advocate.
Last week’s report from Senator Ron Wyden, an Oregon Democrat, showed the largest known anti-abortion ad campaign targeting people identified as having visited abortion providers.
Wyden’s investigation found that information collected by a now-defunct data broker called Near Intelligence was used by advertisements run by The Veritas Society, a nonprofit founded by Wisconsin Right to Life. The ads targeted people who visited 600 locations in 48 states between 2019 and 2022. There were more than 14 million ads in Wisconsin alone.
Wyden called on the Federal Trade Commission to intervene in Near’s bankruptcy case to ensure that location information collected on Americans is destroyed and not sold to another data broker. He is also asking the Securities Exchange Commission to investigate whether the company committed securities fraud by making misleading statements to investors about the senator’s investigation.
It is not the first time the issue has been raised.
Massachusetts reached a settlement in 2017 with an advertising agency that ran a similar campaign nearly a decade ago.
The FTC sued one data broker, Kochava, in 2022 over similar claims in an ongoing case, and settled last month with another, X-Mode Social, and its successor, Outlogic, which the government said sold location data of even users who had opted out of such sharing. X-Mode was also found to have sold location data to the US military.
In both cases, the FTC relied on a law against unfair or deceptive practices.
States are also in the process of passing or considering their own laws specifically aimed at protecting sensitive health information.
Slatter of Washington, a Democrat, has worked on digital privacy issues for years but failed to get a bill with comprehensive protections passed in her state.
She said things changed when Roe was overturned. She went to a meeting in 2022 and heard women talking about deleting menstrual apps for fear of their data being misused.
When she introduced a health-specific data privacy bill last year, it wasn’t just lawyers and lobbyists who testified; women of all ages and from many walks of life also showed up to support it.
The measure, which bans the sale of personal health information without consumer consent and tracking of who visits reproductive or sexual health care facilities, passed with support from nearly all of the state’s Democratic lawmakers and opposition from all Republicans.
Connecticut and Nevada passed similar laws last year. New York has passed one that bans the use of tracking around healthcare facilities.
California and Maryland took a different approach and introduced laws that prevent automated health care networks from sharing sensitive health care information with other providers without consent.
“We are really moving forward with the free-flowing and seamless exchange of healthcare data with the intent of making information accessible so healthcare providers can treat the whole person,” said Andrea Frey, an attorney representing healthcare providers and digital health. systems about. “Conversely, these privacy issues play a role.”
Illinois, which already had a law limiting how health tracking data — measuring heart rate, steps and others — can be shared, passed a new law last year that took effect Jan. 1 that prohibits providing license plate data from the government to law enforcement agencies. states with an abortion ban.
Bills addressing the issue in some form have been introduced in several states this year, including Hawaii, Illinois, Maine, Maryland, Massachusetts, Missouri, South Carolina and Vermont.
In Virginia, legislation that would ban the issuance of search warrants, subpoenas or court orders for electronic or digital menstrual data recently cleared both chambers of the Democratic-controlled General Assembly.
Democratic Senator Barbara Favola said she saw the bill as a necessary precaution as Republican politicians, including Virginia Governor Glenn Youngkin, sought restrictions on abortion.
“The next step in enforcing an abortion ban could be gaining access to menstrual data. That’s why I’m trying to protect that data,” Favola said during a committee hearing.
Opponents asked whether such data had ever been requested by law enforcement, and Favola responded that she was not aware of any particular example.
“It’s just looking for a problem that doesn’t exist,” said Republican Senator Mark Peake.
Youngkin’s administration made clear last year that he opposed similar legislation, but his press office did not respond to a request for comment on his position on the current version.
Sean O’Brien, founder of the Yale Privacy Lab, says there is a problem with the way health information is used, but he’s not sure laws will be the solution because companies could choose to ignore the potential consequences. ignore it and continue to boast and sell information. sensitive information.
“The software supply chain is extremely polluted by tracking the location of individuals,” he said.
___
Mulvihill reported from Cherry Hill, New Jersey. Associated Press reporters Frank Bajak in Boston and Sarah Rankin in Richmond, Virginia, contributed to this article.