Roe v. Wade and the New, Murky Data Privacy Morass
The U.S. Supreme Court overturning Roe v. Wade opens up the potential for scrutiny of digital information to enforce laws set in motion by the decision. What new challenges does that bring to CIOs?
Friday, the Supreme Court of the United States overturned Roe v. Wade, undoing what many had regarded as settled law on abortion rights. The decision has cleared the way for a cascade of trigger laws that may lead to new questions about data privacy and compliance. Attorneys and digital privacy advocates are weighing in on the matter just as numerous states have already or are set to enact laws to ban abortion, which might see personal data called into question as such laws are enforced.
How enforcement will affect data privacy is still largely unknown, but speculation has included concerns about how personal health information collected from apps might be used to regulate compliance with such laws. Employers who operate across state lines may find the health coverage they offer employees could come under scrutiny in different jurisdictions -- specifically if that coverage includes providing access to abortions in states where it remains legal. Some companies, such as Disney, are even offering to cover travel expenses to states that will continue to permit the procedure.
The corporate world is now left with a question: What if states demand that companies comply with regional laws that include sharing data about customers, users, or employees for the sake of enforcement?
What Does Abortion Law Mean to CIOs?
Hayley Tsukayama, senior legislative activist for the Electronic Frontier Foundation (EFF), says this a real-world example of the potential harm related to privacy and control that her organization has been worried about. The EFF is a nonprofit organization that advocates for civil liberties in the digital landscape.
“If there are local and state law enforcement agencies that are motivated to pursue prosecutions of people who are seeking abortions or seeking information on reproductive healthcare, we are concerned we will see more warrants and subpoenas and pressure on companies to release information,” she says. Customers' location data or automated license plate reader data, which can track the movement of people in the world, might be used to support prosecutions or be a starting point for prosecution.
Tsukayama compared that to the data infrastructure tapped by law enforcement for immigration enforcement. “That’s the big boogeyman in my mind in terms what companies will have to deal with.”
Data 'Sanctuary States'
With the bifurcation of the country where states such as Texas and Oklahoma are moving to criminalize activities related to abortion, the EFF is concerned with how data will be used to support claims of criminality.
“In California, we’re in support of a bill that basically creates a sanctuary state around reproductive healthcare data so that if another state subpoenas a healthcare care provider in California, California wouldn’t have to issue a responding subpoena,” says EFF's Tsukuyama.
New York has looked at a similar idea, she says, to lock down data within state borders to nix compliance with cross-state investigations into such data. “For companies, we might see more complications in terms of watching that divide grow and having to navigate if you have people in multiple states,” Tsukayama says.
The country and world already have a myriad of general data privacy policies in place or under debate, Tsukayama says, in terms of who controls personal data, how it is used, and the liabilities companies may face for keeping such information. Compliance with one set of data privacy laws, regardless of how stringent they are, does not guarantee that requirements are met in other jurisdictions.