CDT Releases Best Practices for Companies to Protect Reproductive Health Data

(WASHINGTON) — Today, the Center for Democracy & Technology (CDT) released recommendations for companies to protect the privacy of people seeking or providing abortion care. As the one-year anniversary of the Dobbs v. Jackson Women’s Health Organization decision approaches, CDT is urging companies across the economy to protect their customers’ private health information.

The guidance cautions that many types of companies, not just medical providers, collect and share information that can reveal a person’s health and healthcare choices. Online search queries, browsing history, message content, data shared with personal apps, and a person’s location data can all reveal such information, and have already been used in abortion-related lawsuits. 

The set of recommendations also urges companies to closely review the types of user data they collect, and minimize the collection of personally revealing information, reduce how long they store data, and eliminate the sharing of such information in any context not directly necessary to provide services. Companies also should adopt robust processes for managing law enforcement requests, especially in light of recent state “shield laws” that prohibit companies from providing information to out-of-state abortion investigations. 

Alexandra Givens, President and CEO of CDT, says: 

“There’s no upside for a company that is faced with a request to turn over private information about their customers in an abortion-related prosecution: there is only reputational, and potentially legal, risk. The best way for companies to avoid being asked to reveal their customers’ most private information is to not collect that data in the first place. 

When companies reduce the personal data they collect and commit not to sell or share that data, they rightly earn their customers’ trust. We’re grateful to the health service providers, data privacy experts, and other advisors who helped inform this robust guidance for companies to follow after Dobbs.”

Experts from a variety of sectors that influence how data is collected and used, including investors, foundations, reproductive rights advocates, online healthcare resource providers, and advisors to app developers, spoke about why companies should take the steps laid out in CDT’s guidance.

Laurie Rubiner, former VP of the Planned Parenthood Federation of America (PPFA) and former Chief of Staff to U.S. Sen. Blumenthal, says:

“The Dobbs decision upended decades of legal protections for reproductive health care and choice. States hostile to reproductive rights have a new incentive to seek information about people’s health from a host of different companies and use that in criminal and civil actions against patients and providers. Today’s Data After Dobbs Best Practices represent a needed call to action and provide common-sense steps that companies can embrace to better protect their customers.”

Shelley Alpern, Director of Corporate Engagement at Rhia Ventures, says:

“Consumers have made it clear how uncomfortable they are with digital surveillance and the threat of criminal action for benign conduct like searching information about reproductive healthcare. Many companies have also stressed they do not want to play a role in the enforcement of abortion-restrictive laws. Following these guidelines will help businesses reduce their risk of becoming implicated in abortion-related prosecutions while reassuring consumers. We are grateful to CDT for releasing this urgently needed guidance in a time when reproductive rights are under siege in the United States.”

Jake Ward, CEO of Data Protocol, a developer resource platform that promotes privacy and data best practices, says:

“In the post-Dobbs world, decisions application developers make can have implications far beyond the success of their products or businesses. Data minimization and absolute security are bedrock best practices that every data driven company should adopt and maintain. Tools and guides, like CDT’s Data After Dobbs, are invaluable resources to help people make the right design choices for their products when it matters so much.”

Beth Cartier, Infosec Leader, says:

“With the Health Data Privacy Best Practices, the Center for Democracy and Technology continues to put together relevant, timely, and useful guidance to help practitioners protect the privacy of individuals in a continually-changing landscape. Companies, including those offering reproductive health services, will greatly benefit from these principles.” 

Vilas Dhar, President of the Patrick J. McGovern Foundation, says:

“Corporate leaders must do better to prioritize their users’ privacy and rebuild trust with their consumers. Responsible data practices are the bedrock of responsible companies in the digital age. The recommendations CDT is releasing today are reasonable, practical steps that companies across the economy can take. We are proud to partner with CDT in this work. The best practices are informed by consultations with a variety of stakeholders including health service providers, data privacy experts, reproductive rights groups, and members of CDT’s Task Force on Protecting Reproductive Health Information.”

Click here to see all of CDT’s work on protecting reproductive rights and access to information.

###

The Center for Democracy & Technology (CDT) is the leading nonpartisan, nonprofit organization fighting to advance civil rights and civil liberties in the digital age. We shape technology policy, governance, and design with a focus on equity and democratic values. Established in 1994, CDT has been a trusted advocate for digital rights since the earliest days of the internet.