Reproductive Rights Have Been Privacy Rights For 50 Years

About fifty years ago, the U.S. Supreme Court decided a case that would provide the basis for federal privacy protections for reproductive health decisions. The importance of protecting reproductive information and choice, particularly where abortion was concerned, was the basis for Roe v. Wade (1973) and Planned Parenthood v. Casey (1992), which provided women and pregnant individuals a basis for believing that their reproductive status and choices were confidential between them and their chosen healthcare provider. That decision was the law of the land for the decades that followed.

Two years ago, on June 24, 2022, the Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization, overturning Roe and Casey, and removing the constitutional protections around reproductive choice and information, instigating and catalyzing a spate of laws criminalizing the act of seeking or providing abortion. In addition to reducing medical access and kindling distrust in reproductive health technologies, the decision propelled economic disruption and sparring between legal jurisdictions from cities to states to federal. 

The effects have also spilled beyond the traditional healthcare and medical spaces. Suppliers of consumer-facing health and health-adjacent applications and services, from “period tracker” apps to activity loggers, have been forced to grapple with the question of how to continue to render their core services while ensuring that individuals’ data is protected against access that could lead to prosecution or persecution. Perceptions of privacy risks around data have become a significant weight on the balancing scale between protecting reproductive privacy and developing technologies and data that progress reproductive care and health.

In the wake of Dobbs, reproductive data and inferences drawn regarding reproductive status, as well as related information, have become a significant area of inquiry by lawmakers and regulators. State and federal lawmakers and regulators have coalesced around privacy as the basis for reproductive rights, generating proposals that weigh heavily on the side of restricting sensitive data to achieve protection. These include:

• Laws and rules restricting the transfer of data between adversarial jurisdictions including ‘Shield Laws’ created by abortion-protective states to reduce data sharing for prosecution of abortion seekers and providers. In response to Executive Order 14076 on “Securing Access to Reproductive and Other Healthcare Services,” the Department of Health and Human Services (HHS) recently issued a rule prohibiting the use of reproductive information for investigative or prosecutorial purposes where “reproductive care may be assumed to be lawful in the context it was given” and emphasizing confidentiality as integral to patient-provider trust.
  
• Explicit and emphatic protections for reproductive and gender-affirming care in broader privacy laws such as Washington state’s ‘My Health, My Data’ Act (MHMDA), described as a comprehensive privacy law. The portions and variations of the MHMDA ‘framework’ has made cameos in other state laws, including two recent proposals that ultimately failed to become law – the arguably more expansive New York S 158E that failed to receive the requisite votes and Vermont H 121, which was vetoed by the governor. Vermont’s governor cited the PRA as a key reason for the veto. The MHMDA PRA has also garnered far more attention than Nevada’s ‘use-based’ framework of sensitive data – argued by privacy scholars as a more effective approach.
  
• Explicit reference to reproductive examples, such as location data related to abortion clinics in Federal Trade Commission (FTC) enforcement actions throughout 2023 and 2024. In 2023 the FTC pursued cases including those related to “unauthorized disclosures ”of “sexual and reproductive health” information in GoodRx and Easy Healthcare/Premom, as well as in reference to location data related to “reproductive health clinics” in Kochava. Unauthorized disclosures were a paradigmatic change in the FTC’s 2024 Health Breach Notification Rule (HBNR) rulemaking stemming from its inaugural application in GoodRx. In 2024, the FTC’s action against InMarket noted the company’s collection of location information, including where consumers “receive medical treatment”, and the X-Mode documents discussed the sensitivity of location of “women’s reproductive health clinics”. 
  

The basis for privacy as the protective modality for reproductive care set in 1973 placed the responsibility of sound and equitable data practices squarely in the hands of privacy professionals today. In the two years since Dobbs, the issue of reproductive care has drastically shifted privacy policies in increasingly polarized directions across jurisdictions, disrupting data flows, including those that support reproductive and gender health. These disruptions have complicated and inhibited the slow correction of representation in data for improved health outcomes. It is imperative that new privacy laws and policies simultaneously protect and facilitate reproductive and gender health access and improvement.