100 Days Post-Roe: This FemTech Lawyer Broke Down Everything You Need To Know About Data Privacy And Period Tracking Apps To Protect Yourself Online

    There’s a lot of information swirling around about data privacy and period tracking apps. So what does it all mean? We spoke to a lawyer to get to the bottom of the issue and break down what exactly you need to know.

    This past Sunday, October 2 marked 100 days since the Supreme Court overturned Roe v. Wade, leaving the right to abortion federally unprotected. In that time, 13 states have criminalized abortion, while others have severely restricted its access. Retail chains have limited the purchase of Plan B pills due a surge in demand. And Meta made headlines for turning over private data to law enforcement officers investigating a 17-year-old girl in Nebraska for allegedly using abortion pills.

    women protesting for abortion rights

    As people struggle to protect themselves in post-Roe America, it's become abundantly clear that data privacy is a major concern. Even before the overturn, movements (and tweets) called for the deletion of period tracking apps in fear that users' reproductive health data could be used against them. But seeing as to how detectives in the Nebraska case "noticed" the teen's uses of Facebook Messenger (and subsequently subpoenaed Meta for her private messages), are period tracking apps really what we should be afraid of?

    If you are in the United States and you are using a period tracking app, today is good day to delete it before you create a trove of data that will be used to prosecute you if you ever choose to have an abortion. https://t.co/7L7LaQizgx

    @evacide / Via Twitter: @evacide

    To help break down what you actually need to know when it comes to data privacy and abortion, BuzzFeed spoke with Bethany Corbin, JD, LLM, CIPP/US, CHC, CHPC. If you're drowning in her alphabet soup of degrees, here's the bottom line: Bethany is a healthcare innovation and femtech lawyer, and she outlined six tips on how you can protect your data privacy post-Roe.

    headshot of Bethany Corbin

    Now, if you're confused as to why data privacy, overall, poses a bigger risk than period tracking apps when it comes to the criminalization of abortions, look at it this way: Health data could show that you were, at one point, pregnant, and then you weren't. But that's circumstantial at best. Maybe you had a miscarriage. On the other hand, if you straight-up text your mom that you want to have an abortion and then order abortion pills — well, prosecutors have a much stronger case against you based on your private messages and internet search history.

    screenshot of search suggestions for "abortion pills" on Google

    Though some companies have announced that they will not turn over data for abortion-related cases, it's unlikely that they'll always know what the case involves unless it's explicitly stated in the subpoena. Case in point: After the charges in the Nebraska case came to light, Meta issued a statement revealing that "the warrants did not mention abortion at all."

    Meta and Facebook logos

    Before we dive into how to protect yourself online, let's talk data practices 101, as in what most companies do with your data. Think of data as currency in surveillance capitalism. In order to use an app, you need to make an account, ultimately compensating with some of your data. "That's how they make their money," Bethany said. "They collect more data than needed to make the app function, bundle it together, and sell it to a data broker who could then sell that data to anyone — to you, me, law enforcement — who'd otherwise need a subpoena to get it from the company itself."

    social app icons in a folder on a phone screen

    While selling user data as a major revenue stream is common, the overturn of Roe has sparked massive public scrutiny of data practices, especially in femtech. So here are six ways you can protect your data privacy as it relates to reproductive health in post-Roe America (and no, they don't necessitate deleting your period tracking app):

    1. Read the disclosure section of privacy policies, as well as updates. Since period tracking apps collect health data, there's a misconception that HIPAA protects users. "The thing is, HIPAA doesn't apply to the data," Bethany revealed. "It applies to the entity type. You could give the exact same data to your healthcare provider and an app, and it's protected while in the provider's possession and not while in the app." So because femtech apps aren't created by covered entities, they're treated as tech solutions rather than healthcare. Many apps fall into a regulation gap as a result, subject only to state privacy laws and the FTC, which prohibits unfairness or deception toward consumers. Basically, companies can do whatever with your data so long as they're upfront about it.

    screenshot of data safety section when downloading a period tracking app

    2. Use encrypted messaging. Generally speaking, encryption encodes information to prevent anyone other than the sender and recipient from seeing it. So if a company received a subpoena for messages that were encrypted, it wouldn't actually have access to that data, let alone be able to provide it to law enforcement.

    settings of Facebook Messenger conversation

    3. Understand that any "anonymized" data can be reidentified when using new, well-intentioned features. For example, Flo's Anonymous Mode "deidentifies data…by removing personal email, name and technical identifiers." However, anonymized data can often easily be linked back to you by matching it with another set of data (usually that's publicly available), thus revealing whom the data belongs to.

    a character with a hat and glasses

    4. Keep in mind that data can be manually accessed. Let's be real — we live in a near-entirely digitized world, so you might be thinking that the best way to track your cycle is to use an app that locally stores your data (as in, on your phone vs. in the cloud) or to jot it down in your Notes app. Unfortunately, that's still not foolproof. Law enforcement can just as easily subpoena your device and access the data directly.

    period tracking notes in a Notes app

    5. Look into where the company behind your app physically stores data, as the state's legal structure will impact how your data could be turned over to law enforcement. "I've seen some companies thinking through whether or not they should move things — like their hard drives, data storage facilities, etc. — out of states that are banning abortion," Bethany added, as law enforcement can more easily obtain data stored in states banning abortion than in states defending it.

    interactive map showing US abortion policies and access after Roe by the Guttmacher Institute

    6. Recognize that data security is not infallible. Or, as Bethany put it, "It's not a matter of if — it's a matter of when — that company is going to experience a data breach or a data leak." Just like you've received regretful emails from your email provider to change your password because they've been hacked, so, too, can your period tracking app or messaging app be hacked. Unfortunately, data leaked through hacks could be used to extort not only the company responsible for it but also the individual user, especially in states that ban abortion.

    tabs of BuzzFeed News articles about cyber hacks

    At the end of the day, Bethany's best advice — which she acknowledged "nobody really wants to hear" — is to not put anything online (or in an app) that you're not comfortable with being made public. As long as your data gives inference to the fact that you were pregnant and then not pregnant (and didn't give birth, of course), law enforcement could have reasonable suspicion to investigate. However, it's just as important that we don't rage against or abandon femtech either.

    If you do choose to delete your period tracking app, confirm that deleting the app automatically deletes your data. Sometimes, companies will only delete your data upon request, if at all.

    While big tech needs to be held accountable, it's also true that women's healthcare has historically been neglected, and femtech has the potential to revolutionize it, from accessibility to medical research. And therein lies the irony that femtech — intended to improve women’s healthcare — bears the brunt of the post-Roe data privacy scrutiny rather than tech and data regulations as a whole.

    young women holding pro-abortion signs at a march

    Ultimately, femtech poses as much or as little of a data privacy threat as any other data-collecting platform, from Facebook Messenger to Chrome. And paradoxically, the need to prevent pregnancy increases as states restrict abortion, in turn generating a higher demand for the function of femtech. So whether or not you choose to delete your period tracking app, it's worth taking a second to go over your data privacy and online practices to stay safe and stay informed in post-Roe America.

    To learn more about data privacy and femtech from Bethany, visit her site here.