PHILADELPHIA (AP) — When Chandler Jones realized she was pregnant during her junior year of college, she turned to a trusted source for information and advice.
“I couldn’t imagine before the internet, trying to navigate this,” said Jones, 26, who graduated Tuesday from the University of Baltimore School of Law. “I didn’t know if hospitals did abortions. I knew Planned Parenthood did abortions, but there were none near me. So I kind of just Googled.”
But with each search, Jones was being surreptitiously followed — by the phone apps and browsers that track us as we click away, capturing even our most sensitive health data.
Online searches. Period apps. Fitness trackers. Advice helplines. GPS. The often obscure companies collecting our health history and geolocation data may know more about us than we know ourselves.
For now, the information is mostly used to sell us things, like baby products targeted to pregnant women. But in a post-Roe world — if the Supreme Court upends the 1973 decision that legalized abortion, as a draft opinion suggests it may in the coming weeks — the data would become more valuable, and women more vulnerable.
Privacy experts fear that pregnancies could be surveilled and the data shared with police or sold to vigilantes.
“The value of these tools for law enforcement is for how they really get to peek into the soul,” said Cynthia Conti-Cook, a lawyer and technology fellow at the Ford Foundation. “It gives (them) the mental chatter inside our heads.”
HIPAA, HOTLINES, HEALTH HISTORIES
The digital trail only becomes clearer when we leave home, as location apps, security cameras, license plate readers and facial recognition software track our movements. The development of these tech tools has raced far ahead of the laws and regulations that might govern them.
And it's not just women who should be concerned. The same tactics used to surveil pregnancies can be used by life insurance companies to set premiums, banks to approve loans and employers to weigh hiring decisions, experts said.
Or it could — and sometimes does — send women who experience miscarriages cheery ads on their would-be child’s birthday.
It's all possible because HIPAA, the 1996 Health Insurance Portability and Accountability Act, protects medical files at your doctor’s office but not the information that third-party apps and tech companies collect about you. Nor does HIPAA cover the health histories collected by non-medical “crisis pregnancy centers, ” which are run by anti-abortion groups. That means the information can be shared with, or sold to, almost anyone.
Jones contacted one such facility early in her Google search, before figuring out they did not offer abortions.
“The dangers of unfettered access to Americans’ personal data have never been more clear. Researching birth control online, updating a period-tracking app or bringing a phone to the doctor’s office could be used to track and prosecute women across the U.S.,” Sen. Ron Wyden, D-Ore., said last week.
For myriad reasons, both political and philosophical, data privacy laws in the U.S. have lagged far behind those adopted in Europe in 2018.
Until this month, anyone could buy a weekly trove of data on clients at more than 600 Planned Parenthood sites around the country for as little as $160, according to a recent Vice investigation that led one data broker to remove family planning centers from the customer “pattern” data it sells. The files included approximate patient addresses (down to the census block, derived from where their cellphones “sleep” at night), income brackets, time spent at the clinic, and the top places people stopped before and after their visits.
While the data did not identify patients by name, experts say that can often be pieced together, or de-anonymized, with a little sleuthing.