How Your Menstrual Tracking App Could Land You in Jail

By Jessica Loudis

If the Supreme Court overturns Roe, women will be forced to grapple with the state’s intrusion into their most private decisions. What many people haven’t considered, is how that intrusion could come through their phones, smart watches and computers.

What will criminalized abortion look like in the age of digital surveillance?

Should federal abortion protections fall, it would be up to each state to devise their own rules around the procedure. It’s estimated that as many as 23 states would outlaw abortion, and some have expressed interest in adapting a version of a recent Texas law that incentivizes private citizens to turn in anybody they suspect of having performed, aided or abetted an abortion.

Because the U.S. has no comprehensive data privacy laws, if abortion were to become illegal in some states, there would be nothing to stop police and civilians from collecting digital data about anybody suspected of having broken the law – even if the individual is in a state where abortion is legal.

To make sense of the potential confusion ahead, we spoke with Michele Gilman, a law professor at the University of Baltimore and the co-director of the Center on Applied Feminism. Gilman recently wrote an article for Ms. magazine about digital surveillance and the role it could play in a post-Roe world.

This interview has been edited for length and clarity.

Before I read your article, I hadn't heard the term “menstrual surveillance” before. Could you explain what that is?

I would describe it as all the different ways that people who menstruate are surveilled. Some of those are technologically driven, like period tracker apps, but they don't necessarily have to be. Surveillance can take the form of employers penalizing employees when they're menstruating or schools not allowing students to take care of their menstrual needs. Surveillance comes in different forms.

What are some examples of surveillance technologies, and how do they work?

There's a huge and booming femtech industry that is getting a lot of interest from venture capital and investors. In general, these apps and devices promise to give women better control over their bodies and better knowledge of how their bodies work. Period tracker apps are just one of them: These are designed to help women and other menstruators know when they're going to get their period, often to avoid pregnancy or to aid in getting pregnant.

What do you think the implications are of really intimate data being accessible to private companies?

The first issue is that there is not a lot of transparency about data use. I think many users aren't aware that their data is not just stored locally on their phone or laptop – it's in the hands of private companies. The next issue is that, as we know from many investigations, some companies that collect private data share it with third parties for advertising and marketing. I know, for instance, of women who have miscarried, and, after their miscarriage, have been tracked mercilessly across the internet with ads and marketing for baby products. Years later, these ads will continue to target them with products for children the age their child would have been. So, to say, you know, it's just advertising, ignores some of the really deep psychological harms that can occur because you have a digital profile that’s different from you in real life. Additionally, there are concerns over whether this data could be bought and sold to a variety of industries. For instance, it could potentially impact whether people can get health insurance and what they might pay for it.

Are there any privacy laws in place right now that could deal with this issue?

In Europe there is the GDPR, the General Data Protection Regulation, but in the U.S., we do not have a comprehensive data privacy law. There are only five states right now with data privacy laws at all. People might think, oh, well, this is medical data. I'm probably protected by the Health Insurance Portability and Accountability Act (HIPAA), but you're not, because HIPAA only covers what patients tell medical providers, and apps are not medical providers. The only real protection we have is if an app violates its own privacy policy, because then the Federal Trade Commission could go after them for engaging in unfair and deceptive business practices. But if an app says outright in its terms of service that it will sell your data to Facebook and Google and other third parties, that's totally legal.

Yikes. Are there any groups of women who would be disproportionately affected by app tracking if Roe were overturned?

Women who live in states where abortion is outlawed. Because in those states, the forced birth movement, along with law enforcement, might be aggressively looking for violations of the law. And period tracking apps aren't the only digital evidence that could be at play – if law enforcement has access to texts or internet browser histories or emails, all that digital evidence could be used against a patient or medical provider who has been charged with violating an abortion law.

We're going to need a lot more digital literacy around these issues, and it strikes me as really unfair that we’ve put the entire onus on women to secure privacy around their information, as opposed to having a supportive legal framework and tech that bakes in data security.

Is that movement already making use of tracking data?

Yes. For several years, anti-abortion groups have been gathering geofencing and location data to identify people sitting in abortion clinics, and then using that data to barrage them with targeted anti-choice messaging. So, we know that this movement can be quite sophisticated in its use of technology. Vice also recently ran a story about a data broker firm that was openly and cheaply selling data about people's visits to abortion clinics, including to Planned Parenthood. That data detailed where each individual traveled from, how long they stayed at the clinic, and where they went afterwards. That's a treasure trove of information for anybody in the forced birth movement who is trying to identify people who have traveled from one state to another to procure reproductive health access. Digital evidence has already been used in the United States to prosecute women who have had a stillbirth or miscarriages – that could grow exponentially.

Where can people learn about how to protect themselves?

There are organizations putting out very practical suggestions on how to protect yourself from digital surveillance. The Digital Defense Fund, for example, which works on digital security for the abortion access movement, has good information; so does the Electronic Frontier Foundation. It’s important to get the word out about this issue, because a lot of people who use these tools find them very helpful, and have never thought about how they could be weaponized against them. Regardless of how one feels about abortion, everyone has a right to data privacy and data security.

You might also enjoy