FTC puts data collectors and brokers on notice in light of abortion bans

The Federal Trade Commission (FTC) warned this week that it will use “the full scope of its legal authorities” to protect people’s private information following concerns raised by members of Congress, activists and others in light of the recent abortion bans that have gone into effect over the last two weeks. 

“The Commission is committed to using the full scope of its legal authorities to protect consumers’ privacy,” said Kristin Cohen, acting associate director at the FTC Division of Privacy & Identity Protection. 

“We will vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data. The FTC’s past enforcement actions provide a roadmap for firms seeking to comply with the law.” 

Several states have already passed laws criminalizing abortion since the Supreme Court struck down Roe v. Wade, opening the door for state authorities to subpoena companies that collect healthcare and location data. 

Cohen said the concerns many women have raised about data related to personal reproductive matters – including “products that track women’s periods, monitor their fertility, oversee their contraceptive use, or even target women considering abortion” – are more than just theoretical.

She listed several examples of companies collecting and selling sensitive healthcare information like this, exposing it widely and potentially endangering women in the process. 

Cohen cited a 2017 case where the Massachusetts Attorney General reached a settlement with marketing company Copley Advertising for “using location technology to identify when people crossed a secret digital “fence” near a clinic offering abortion services.”

“Based on that data, the company sent targeted ads to their phones with links to websites with information about alternatives to abortion. The Massachusetts AG asserted that the practice violated state consumer protection law,” Cohen said, adding that the FTC also recently reached a settlement with Flo Health, alleging the company shared with third parties – including Google and Facebook – sensitive health information about women collected from its period and fertility-tracking app, “despite promising to keep this information private.”

“The misuse of mobile location and health information – including reproductive health data – exposes consumers to significant harm. Criminals can use location or health data to facilitate phishing scams or commit identity theft. Stalkers and other criminals can use location or health data to inflict physical and emotional injury,” she said.

She listed several other consequences of exposing health data and said the harms “are exacerbated by the exploitation of information gleaned through commercial surveillance.”

Protecting health data

The FTC warning came after U.S. President Joe Biden signed a wide-ranging executive order on Friday that included measures related to stopping data brokers and companies like Apple and Google from sharing consumer data. 

“The President has asked the Chair of the Federal Trade Commission to consider taking steps to protect consumers’ privacy when seeking information about and provision of reproductive health care services,” the White House said in a statement on Friday. 

The White House said it was also ordering the Department of Health and Human Services (HHS) to consider several other options to “better protect sensitive information related to reproductive healthcare.”

The Office for Civil Rights within HHS has been directed “to take initial steps to ensure patient privacy and nondiscrimination of patients, as well as providers who provide reproductive healthcare.”

New guidance will be issued related to how the HIPAA Privacy Rule protects the privacy of individuals’ protected health information, including information related to reproductive healthcare.

The White House said the rules are designed to make sure doctors, medical practitioners and health insurance companies know that they are not required to, and in some cases not allowed to, disclose patients’ private information to law enforcement.

HHS will also issue a how-to-guide for how consumers can protect the personal data they have on apps. 

Several members of Congress from the House Oversight Committee sent a letter to data processing company Babel Street last week demanding more information about the “collection and sale of sensitive personal data related to access to abortion and other reproductive health services.”

The letter mentions companies like SafeGraph and Placer.ai that collect troves of sensitive data. 

The House members noted that a recent study found that 87% of the 23 most popular women’s health apps – including reproductive health apps – “shared user data with third parties, yet just over 50% requested consent from their users.”