When you are first learning about the world of data privacy, you often get a lesson in the different types of privacy. Communications privacy is pretty easy to grasp — no one wants anyone else reading their emails. Behavioral privacy is generally explained as “no one needs to know with whom you’re sleeping” and most people get that. And data privacy, of course, is the topic du jour, as more and more of our lives are spent online.
Finally, there is bodily privacy — the idea that we are the ultimate deciders of what happens to our bodies.
The recent news over the leaked opinion from U.S. Supreme Court Justice Samuel Alito that would strike down Roe V. Wade here in the United States presents an interesting conjunction of all of these different types of privacy and should have all privacy professionals thinking about how a post-Roe world might affect their work and the privacy landscape writ large.
For instance, Washington Congresswoman Suzan DelBene suggests that a post-Roe world calls for a strong federal privacy bill:
“If the draft Supreme Court decision becomes the final,” she writes, “it will threaten women in a multitude of ways in this country. Because our tech laws are so behind, the personal information of millions of women is currently at risk. This includes data from internet searches about reproductive health care including abortions, menstrual tracking and other women’s health apps, and which medical facilities a woman has visited.”
At least 30 privacy professionals have come to a similar conclusion, saying in a drafted letter that “[F]or too long, the U.S. has approached decisional privacy — the privacy recognized in Roe v. Wade — and information privacy as different, while in reality these are both elements of the same fundamental right. We call for the right to privacy, both in our decisions and in the data that informs our decisions, to be protected at the federal level.”
We have seen already that some providers of location data information here in the United States sell data that shows where people who have visited abortion clinics came from and travel to. One publication was able to buy a week’s worth of such data for $160. Given that we’ve had evidence since 2013 that just four location data points can identify an individual 95% of the time, it’s not hard to see how personal that data might be, especially in a future where some states have legal abortion and others do not.
Will this be the impetus for the U.S. federal privacy law to finally get some momentum behind it?
Further, will a post-Roe world change the ethical calculations that U.S. companies make about the types of data they collect, share, and make available? Already, SafeGraph has responded to news about its data-selling by ceasing to sell data about abortion clinic visits.
It is also worth considering how a post-Roe United States is viewed by other countries around the world with which we do digital commerce.
Eduardo Ustaran, someone I have worked with on a number of occasions and an important thinker in European privacy spaces, believes a post-Roe United States could greatly affect data flows with the EU. He argues that, “[A]t a time when U.S. privacy credentials are under the microscope, this could be as earth-shattering for data flows” as the Snowden revelations, which we all know brought down the Safe Harbor program and, eventually, Privacy Shield as well.
Europe’s view of privacy as a fundamental human right has always been in contrast with the United States’ view of privacy as a constitutional matter. While the former is inviolable, the latter, as we have seen vividly these past weeks, is a matter for debate. Ustaran argues, and it’s not hard to follow his reasoning, that the decision that Roe is not the law of the land in the United States could demonstrate a stance toward privacy that is simply too far from the way in which the EU sees it for them to ever feel comfortable sending personal data to the United States under any kind of blanket agreement.
This would obviously extend and aggravate what is already one of the biggest headaches for international businesses.
I am no constitutional scholar, so it’s hard for me to comment directly on the merits of Alito’s opinion or any other argument about the validity of the original Roe v. Wade decision, but I’ve been in privacy for a very long time and can see that we may soon find ourselves in a seminal moment as privacy professionals. How does the United States see privacy and its importance as a right extended to its citizens? Will citizens rise up and demand federal protections? Will the EU and other countries fundamentally change their opinion about doing business with the United States?
We will soon get the answers to these questions. But one thing is clear: Roe v. Wade is about much more than abortion.