Tech companies and data brokers that misuse or misrepresent how they handle Americans’ personal data, including reproductive health information, may find themselves on the hook with the Federal Trade Commission, the agency warned this week.
On Monday, the FTC renewed its vow to investigate or sue companies that use Americans’ digital data in unfair or deceptive ways, following an executive order by the Biden administration that explicitly called for it and other agencies to consider steps to protect abortion-seekers. Since the Supreme Court decision overturning Roe v. Wade, civil liberties experts have warned that Americans’ extensive digital footprints could give away whether they have visited an abortion clinic or sought information on how to access an abortion, prompting questions about the security of that data.
“The misuse of mobile location and health information – including reproductive health data – exposes consumers to significant harm,” the FTC said in a blog post. “The exposure of health information and medical conditions, especially data related to sexual activity or reproductive health, may subject people to discrimination, stigma, mental anguish, or other serious harms.”
It added: “The Commission is committed to using the full scope of its legal authorities to protect consumers’ privacy. We will vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data.”
In particular, the FTC said, regulators will closely scrutinize corporate claims that Americans’ data has been or will be “anonymized,” in light of substantial research showing that it can be trivial to reverse-engineer a person’s identity from anonymized datasets. The FTC said it has also sued companies in the past for collecting more data than consumers have consented to providing or that retain user data for indefinite periods of time.
Last year, the FTC settled with Flo Health, the maker of a fertility app used by more than 100 million consumers, for allegedly sharing pregnancy and other data with Facebook and Google despite saying the information would only be used to facilitate the app’s normal function. (In a statement at the time, Flo said the settlement was “not an admission of any wrongdoing.”)
The FTC’s warning is a reminder that digital information ostensibly collected for one purpose may wind up being used for others through the country’s sprawling and loosely regulated data economy, in which personal data is constantly bought and sold, or chopped up and repackaged with other information.
According to a 2014 FTC report, some data brokers may hold thousands of pieces of information on every consumer in the United States. FTC Chair Lina Khan has said the agency is considering drafting new regulations to rein in what she has called a “commercial surveillance” industry that profits from intrusive data collection and sharing, while Congress is currently considering a bill that could enshrine a baseline data privacy right for all Americans at a national level for the first time in US history.
Monday’s warning is in some ways routine; the FTC has prosecuted numerous data security and privacy cases over the past decade, and courts have broadly supported the agency’s authority over data breaches and leaks. But the FTC statement takes on greater significance as policymakers and digital rights groups have sounded the alarm over the novel risks that geolocation, search and other data may pose to abortion-seekers in the wake of the Supreme Court ruling.