Congresswoman Sara Jacobs explains why we need to protect reproductive health data

Congresswoman Sara Jacobs explains why we need to protect reproductive health data

Jun 28th, 2022Fast Company

For as long as the internet has been in existence, abortion was, until last week, a constitutionally guaranteed right. The Supreme Court’s decision on Friday to overturn Roe v. Wade will have a number of obvious ripple effects, most significantly the so-called trigger laws that 13 states enacted to immediately ban the procedure. The decision also has huge implications for the information we access through our phones: Personal reproductive data collected in apps and sold to brokers becomes far more dangerous, as it could be aggregated or purchased by police or right-wing groups to find, and target, women who may be considering an abortion.

Congresswoman Sara Jacobs, a Democrat from California, believes personal reproductive health data—such as that collected in period-tracking apps—should have a special federal privacy protection. That’s the message behind her new bill, the My Body, My Data Act, which was introduced in the House on June 21. Democratic Senators Mazie Hirono of Hawaii and Ron Wyden of Oregon will introduce a Senate version.

The bill, which has been endorsed by groups like Planned Parenthood and the Electronic Frontier Foundation, would create via the Federal Trade Commission a new standard to safeguard reproductive health data.

We spoke to Jacobs about the bill and its political prospects on Friday, the day the Supreme Court handed down its controversial decision overturning Roe. Her comments have been edited for length and clarity.

What requirements would your bill put on tech companies?

It basically limits the data that can be collected, retained, or used to what is strictly necessary to deliver their product or service. So instead of only mandating what can be done with the data we’re also mandating how much of the data they can collect.

With regard to period-tracking apps, what would the protections do?

I use a period-tracking app every month. It predicts for me when I should get my period. So, for instance, you could see right now there’s no protections from, say, a right-wing group or nonprofit group in Texas buying that data from these tech companies to create a way to surveil when women should be getting their period but aren’t (indicating a possible pregnancy).

What this bill would do is say the app maker could only collect what is strictly necessary for what it needs to provide the service, and then that it can’t share or sell that data without my express consent.

Was the impetus for writing this bill the leaked draft opinion in May indicating the Supreme Court was about to overturn Roe v. Wade?

When the leaked draft opinion came out I started getting text messages from friends and constituents who were asking me what they should do about these apps and all their other data. And I realized that it shouldn’t be on each individual person to try and figure this out.

It’s our job as the government to put in place protections, and especially for this—some of our most sensitive and personal data. It deserves the highest level of safety and protection we can give it, like we do with other health data.

How might different groups use this data if it went unprotected?

Let’s first talk about private nonprofit groups. We know in Texas there’s the bounty law that’s part of their anti-abortion legislation; it incentivizes individual people to try to figure out who is getting an abortion so they can turn them in. Right-wing groups are starting to collect and buy this data so they can tell who should be pregnant.

We’ve already seen some of this data be used against people. You could see in states where abortion becomes criminalized, if you’re using this [app], it also has your location data, so even if you go out of state to try and get an abortion, this data would be able to tell that, and it could be used by law enforcement against you.

So one of these apps could read the GPS from the smartphone and couple that data with the app data.

And this data is already on the marketplace right now—I mean, it is very common for apps and websites of all kinds, not just reproductive. Basically their business model is to collect as much data as they can and then sell it for the purposes of ad targeting. That’s how they make their money when they provide this “free” service.

Do you think the police have their own kind of digital dragnet, which could be used to actively look for people who might be seeking abortions?

I don’t know exactly what different local police forces use in terms of data surveillance. We know that many police forces do use data surveillance as part of their work. But that’s why it’s so important that this is a data minimization approach because it’s not just about what they can access. It also limits what’s even collected.

Aside from period-tracking apps, there seem to be other ways in which a woman might inadvertently divulge that she missed her period. She might say it in a chat app or on social media. Does your bill cover those things too?

It covers apps, services, any websites, any searches, and it’s about any reproductive or sexual health data.

So you don’t think we can trust companies like Apple to place proper data collection restrictions on the app developers? Why do we need federal government to get involved?

We can’t rely on the goodwill of individual companies. And this is a basic service of government—to provide protections for our most personal and sensitive data. We already do it with HIPAA (Health Insurance Portability and Accountability Act of 1996) for other forms of health data. And this is just making sure that our reproductive sexual health data has the highest level of protection.

For years Congress has failed to pass any wide-ranging privacy legislation that would cover the tech industry. Where does your bill fit in within this wider need for data privacy legislation? Is this something that might be swept into a larger bill that covers more aspects of privacy?

As a millennial, I have lived most of my life online. I think it’s long overdue for Congress to have a much larger conversation about data privacy and protection. I also think at this moment there is an urgent need to protect this particular kind of data with particular kinds of protection needs.

For instance, in most of the data protection bills that are currently being discussed, they all have a carve-out (exemption) for small businesses and small nonprofit organizations. But for this specific kind of data you actually would not want that carved out, because that’s actually one of the cases that we are very worried about is small, right-wing nonprofit groups buying up this data. So this is a specific, urgent problem. It is complementary to all the other efforts.

Can you provide some insight into the politics around this bill, and how it’s progressing in Congress?

We’ve got many cosponsors from across the ideological spectrum. I was actually just talking about it with leadership today. I think everyone knows that we need to act quickly to put protections in place, given the Supreme Court decision. I think there’s a good likelihood that it comes up for a vote.

Back to the latest