Key Points
- Users have deleted period tracking apps, citing concerns about the use of sensitive data.
- It comes after the US Supreme Court removed the constitutional right to abortion, overturning the Roe v Wade ruling.
Concerns have been raised over the privacy of technology, such as period tracking apps, and whether their data could be collected and potentially used to incriminate women after the US Supreme Court voted to overturn the landmark Roe V Wade case.
The ruling has ended constitutional protection for access to abortions in the US, triggering protests from coast to coast.
READ MORE
Can an app really prevent pregnancy?
It means access to abortions will now be a state-by-state choice, with 26 states either certain or considered likely to ban abortion.
Now, people are concerned about the wider reverberations of the decision, including online surveillance.
What are period tracking apps and why are users worried?
Millions of people use applications to track their menstrual cycle, with the apps recording their personal health data.
The apps can be used for purposes such as monitoring when periods start and stop, calculating fertility and recording when a pregnancy begins.
Now, users and privacy experts have raised concerns over whether the data stored on these apps could be utilised in a potential criminal case to demonstrate whether somebody has had an abortion.
of period tracking apps reported they are deleting the application over concerns of data privacy, following the US Supreme Court decision.
University of Sydney law professor Kimberlee Weatherall researches the regulation of emerging technology and privacy and data governance.
She said some period tracking apps have had a history of sharing sensitive data.
"Period or menstrual cycle tracking apps can have some evidence of when you have a period, so if you miss a period, or miss a couple of periods and then your periods start again, it could be some sort of evidence that you had been pregnant and are no longer pregnant," she told SBS News.
"The menstrual cycle is obviously extremely sensitive information ... and it's long been the case that quite a number of those applications sell data, or make data available and have had really bad privacy settings."
Professor Weatherall also points out data concerns should not only be limited to period tracking.
A wide variety of data on devices could also be used to assist prosecution, including search engine history, conversations on messaging apps, GPS data that indicates visiting an abortion clinic, online banking showing payment to a provider, or appointment details shared via email.
"The fact is that there's an awful lot of data on people's devices and in their various communications to prove the case if there was an attempt to prosecute a person for having an abortion," Professor Weatherall said.
"And if that data exists, then police and prosecutors do have means to try and get that data by requesting it or subpoenaing it from the various organisations that hold that data."
Is it legal for tech companies to share users' personal data?
According to Professor Weatherall, privacy laws can vary in different states and countries, but police obtaining data for legal purposes is often an exception to privacy laws.
"Data privacy laws are not as strong in the United States as they are in some other countries. So in Europe, for example, you have something like the General Data Protection Regulation (GDPR), which recognises privacy and data privacy as being an important fundamental right," she said.
"In the United States, some states have been enacting privacy laws in the last few years, but it's very patchy and the reality often is that even if data privacy rights exist, law enforcement can get access to it."
How can users be protected?
has advised people to begin by thinking at a high level about ways to improve overall security and keep online activities private.
The EFF's suggestions include using browsers with hardened security settings, turning off browsing history and cookies, turning off location-sensing features, and ensuring any relevant images or documents are deleted across all devices and cloud accounts.
For communications such as planning or booking appointments, the EFF suggests using a new email address, opting for encrypted messaging services, and even using a 'burner phone' that is not connected to the person's regular account.
"The difference between now and the last time that abortion was illegal in the United States is that we live in an era of unprecedented digital surveillance," EFF director of cybersecurity Eva Galperin said in a tweet.
"If tech companies don't want to have their data turned into a dragnet... they need to stop collecting that data now," she added.
What have companies said?
Following the decision from the Supreme Court, period tracking app Flo, which has 43 million monthy users, , vowing to "always stand up for the health of women" and "never sell personal data".
The company also said it would be launching a new "anonymous mode", an option for users to remove their personal identity from their accounts.
"We will do everything in our power to protect the data and privacy of our users and understand the deep responsibility we have to provide a safe and secure platform for you to use," the statement said.
"We will continue to build a better and safer future for female health through comprehensive health education and literacy. This includes providing evidence-based information on effective contraceptive measures, which is a critical part of healthcare, as is access to safe abortions."
The company said users are in full control of their data and can delete it at any time.
In 2021, Flo reached a settlement with the Federal Trade Commission (FTC) following allegations that it had shared users' data with third parties.
Another period tracking app, Clue, said its community's data would be protected by European privacy laws.
"As a community built on trust, we know that a fundamental part of earning that trust is being transparent about how we use and protect the sensitive data that people choose to track with us," the company said in a statement.
"As a European company, Clue is obligated under the world’s strictest data privacy law, the European GDPR, to apply special protections to such health data."
