In the wake of the US supreme court’s decision to end women’s constitutional right to abortion, some tech companies are moving to close loopholes that allow personal data brokers to monitor and sell information amid fears that mobile apps could be used by US states to police abortion restrictions.
Google said on Friday it would automatically delete records of user visits to sensitive locations, including abortion clinics. Privacy researchers as well as women’s rights groups welcomed the move, having warned that apps used for period tracking, pregnancy and family planning could be used to prosecute those seeking reproductive care.
The “location history” feature on Google’s Android services is typically turned off, the company said. But even if it is active, the company will now delete history of visits to places that many people would prefer to keep private.
“Some of the places people visit – including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others – can be particularly personal,” Google said in a post on its website.
“If our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit.”
Among other changes is an update to Fitbit software on wearable devices that allows users to track their periods. Users will now have an ability to delete those logs.
Google did not say the policy change was in response to the decision to reverse the supreme court landmark Roe v Wade ruling, which in 1973 established nationwide abortion rights. But privacy experts have warned that should some states seek to criminalize abortion procedures, it could lead to patients and providers having their search, location, email and cloud data used against them in prosecutions.
Caitlin Chin, a fellow with the Strategic Technologies Program at the Center for Strategic and International Studies in Washington DC, said there was an implicit challenge to privacy in the overturning of Roe, highlighted by the absence of a comprehensive federal data privacy law in the US.
The data ecosystem system is so leaky that companies aren’t prepared to cut back on abortion metadata without changing their entire models
“Because law enforcement officers often access data from the private sector, the massive scope and scale of data collection by internet platforms and consumer devices introduce unique questions over the appropriate limitations of government surveillance to enforce state laws,” Chin wrote in a recent paper.
In an interview with the Guardian on Saturday, Chin pointed out that it is not just period or fitness apps that could be targeted by law enforcement. Many popular devices and mobile apps collect personal information, including geolocation, browsing activity, search history, private communications, social media posts, photos, videos and financial transactions, which are then used by developers, data aggregators, advertisers and other third parties.
“This is a really huge problem,” Chin said. “Companies have made it their business model to collect and share data and the data ecosystem system is so leaky that they aren’t prepared essentially to cut back on collecting abortion metadata without changing their entire models.”
Law enforcement agencies frequently access data held by private companies through a variety of mechanisms, including legal requests. From January to June 2020 alone, Apple, Google, Meta, and Microsoft received more than 112,000 legal requests to access data from federal, state and local law enforcement agencies. They fulfilled approximately 85% of those requests.
From January to June 2021, Google received more than 149,000 requests, of which about 78% were fulfilled, according to its transparency report.
Google said on Friday that it would continue to resist improper or overly broad demands for data by the government. In another update, it said it would designate US advertisers as providing abortions even if they dispense pills by mail after a virtual consultation, but lack their own facilities.
“We remain committed to protecting our users against improper government demands for data, and we will continue to oppose demands that are overly broad or otherwise legally objectionable,” the company said.
In statement after the Roe decision, the Electronic Frontier Foundation said: “Service providers can expect a raft of subpoenas and warrants seeking user data that could be employed to prosecute abortion seekers, providers and helpers. They can also expect pressure to aggressively police the use of their services to provide information that may be classified in many states as facilitating a crime.”
“Whatever your position on reproductive rights, this is a frightening prospect for data privacy and online expression,” the foundation added.
One prior case that worries data privacy experts is that of Latice Fisher, who was charged with second degree murder in 2017 after she experienced a pregnancy loss at home. Fisher was ultimately released from jail, and the charges against her were dropped – but not before law enforcement had looked up her search history that included a search for abortion pills.
But while Google has acted over its location history software, if prosecutions begin to flow from the states enforcing abortion bans, the question over data brokers may only become more pressing.
“There are so many entities that collect location data,” Chin said. “While it’s good that Google is stepping to say it will limit and delete data for certain locations, that is just one company. There are so many other entities collecting location data that could be a potential vessel for law enforcement.”
Reuters contributed reporting