Government Surveillance, Privacy & Data
Report – Data After Dobbs: Best Practices for Protecting Reproductive Health Data
This document outlines best practices for companies that collect, retain, share, sell, and use data about people’s reproductive health. While not exhaustive, these recommendations are a starting point for companies, including small companies, to reduce the likelihood that the information they collect could be used in abortion-related prosecutions and civil lawsuits.
When the Supreme Court reversed Roe v. Wade in Dobbs v. Jackson Women’s Health Organization, it enabled states to further restrict and criminalize abortion. Some states can now prosecute abortion providers, insurers, and, in some cases, even patients themselves. Some states also allow civil actions. Increasingly, law enforcement and civil litigants may turn to companies to gain access to data that could help prove that a person sought, received, aided, or provided an abortion.
Many types of data can reveal sensitive information about a person’s health and healthcare choices. Search queries, browsing history, the contents of communications, and a person’s location data can all reveal such private information, despite not typically being thought of as sources of “medical” or health-related data. Because of this, companies inside and outside the healthcare sector must be responsible for carefully assessing and limiting the private information they collect, store, and share. Without thoughtful action, a company’s data practices may be complicit in sending their customers to prison or exposing them to civil litigation, for personal choices that are still legal in the majority of the United States and that were constitutionally protected for almost 50 years.
In the post-Dobbs era, companies must play an active role in protecting their customers’ and users’ private information. This document details how. It is intended as a practical guide for company decision makers, product designers, developers, advocates, and concerned customers to understand the privacy concerns inherent to many data collection practices, and how companies can act.
