(WASHINGTON) — Today, the Center for Democracy & Technology (CDT) released recommendations for companies to protect the privacy of people seeking or providing abortion care. As the one-year anniversary of the Dobbs v. Jackson Women’s Health Organization decision approaches, CDT is urging companies across the economy to protect their customers’ private health information.
The guidance cautions that many types of companies, not just medical providers, collect and share information that can reveal a person’s health and healthcare choices. Online search queries, browsing history, message content, data shared with personal apps, and a person’s location data can all reveal such information, and have already been used in abortion-related lawsuits.
The set of recommendations also urges companies to closely review the types of user data they collect, and minimize the collection of personally revealing information, reduce how long they store data, and eliminate the sharing of such information in any context not directly necessary to provide services. Companies also should adopt robust processes for managing law enforcement requests, especially in light of recent state “shield laws” that prohibit companies from providing information to out-of-state abortion investigations.
Alexandra Givens, President and CEO of CDT, says:
“There’s no upside for a company that is faced with a request to turn over private information about their customers in an abortion-related prosecution: there is only reputational, and potentially legal, risk. The best way for companies to avoid being asked to reveal their customers’ most private information is to not collect that data in the first place.
When companies reduce the personal data they collect and commit not to sell or share that data, they rightly earn their customers’ trust. We’re grateful to the health service providers, data privacy experts, and other advisors who helped inform this robust guidance for companies to follow after Dobbs.”