Women’s menstrual cycle data recorded in the menstrual application can be used as evidence in a lawsuit against a woman who decides to have an abortion. This is the fear that spread among Americans after the Supreme Court’s decision to revoke abortion rights, which have been guaranteed since 1973.

“Delete your period app today”, it reads in a message posted on Twitter. “If you record your period on line or you track your cycle via your phone, unsubscribe and delete your data. Now”, other users insist. “Countries can already access your data in your app. If you travel when you are not menstruating, they will abuse you for wanting to have an abortion. Delete your app now.” write another woman.

For now, according to newspaper accounts New York Time, abortion has been banned in at least nine states. According to the media, this revocation of rights will continue to spread and could take effect in other states in the coming days. Other investigations They went one step further and showed that 26 of the 50 states that make up the United States could enforce a High Court decision and make abortion illegal. In the same way, Google searches, location information, application period registration, and other intimate data can be used as evidence of a crime, according to these messages on social networks.

Can women who decide to have an abortion be monitored through the information collected on the menstrual app?

Millions of women use menstrual apps to track their cycles. For example, Flo, one of the most popular, was downloaded a million times in the past month, based on Sensor Tower data, application analytics company. This app records and stores reproductive health data: menstruation, ovulation, and pregnancy. That data, along with the location or type of Internet search, could be especially relevant before state courts that ban abortion or that will do so in the coming days to prosecute women who violate the new law.

Several menstrual monitoring apps have rushed to reassure their users with public statements that they fear their data will be used in lawsuits if they want to have an abortion. This is the case of the Clue app, which was downloaded 400,000 times in the past month, according to the Sensor Tower. “We have received messages from users who are concerned about how their data might be used by US courts if Roe v Wade is overturned. We fully understand this concern and want to reassure you that any health data you record in Clue about a pregnancy or abortion is private and secure.” the company wrote on Twitter. The directive, in addition, alleges that its headquarters in Germany fall under European data protection standards.

Stardust app, downloaded 100,000 times in the last month according to the Sensor Tower, also sends a reassuring message: “We don’t sell data. We never sell data. We will never sell data.” the company has written in a statement.

However, neither company has explained what the process would be if a prosecutor or judge issues a subpoena to obtain user data, imposing a legal obligation on menstrual apps to share intimate information about their clients’ reproductive health. .

Doctor of Political Science and professor at City, University of London, Jimena Valdez, explained to Newtral.es that “the abuse of women who decide to have abortions in the US is nothing new, even before the Roe v. Wade ruling, abortion was criminalized”. , which is unprecedented is the level of oversight and control that can be exercised through technology.“In a state where abortion is outlawed, no doubt all apps and the digital world will be key to molesting and controlling women.”

What do US laws say about data protection?

Based on 2021 report from the International Council for Digital Responsibility (IDAC) in the US, applications do not have to comply with the federal Health Insurance Portability and Accountability Act (HIPAA) which regulates the privacy standards of patients who are subject to doctors, hospitals, laboratories, and health insurance companies. In addition, there are no regulations that define what is meant by sensitive health information.

In other words, personal health data voluntarily entered into a menstrual application is not protected by federal patient privacy regulations and has the potential to violate patient confidentiality because courts have criminalized abortion. Faced with this helplessness, several groups have published citizen guidelines to prevent intimate information from being controlled when seeking abortion or receiving reproductive health care. Among these organizations are Digital Defense Fundthat Repro Hukums Legal Helpline and Electronic Border Foundation.

“The United States is a very federal country, with laws that differ from state to state,” explains Valdez. “There is no national data protection law and the most stringent, which resembles European law, is California,” he added. For political scientists, “if there is progress in criminalizing abortion and the government starts requesting data from companies, the application will without a doubt send it without considering user privacy preferences.”

What do data protection laws say in Europe?

Data of users using apps, including menstruation apps whose safety was questioned after the ruling criminalizing abortion in the US, is protected by General Data Protection Regulation (RGPD), mandatory since May 2018. This rule applies to companies processing EU citizen data, although it also requires compliance with applications that have their headquarters outside the EU but that offer their services to users located in the region.

This policy must be written in concise language, simple, easy to understand and easy to use. However, the problem often is that these policies contain vague and general wording or are limited to offering an indicative or incomplete list of what companies can do with your data.

European law was transferred to Spanish law in the form of Organic Law 3/2018, Personal Data Protection and digital rights guarantee (LOPD GDD). “Despite the fact that in Europe and, therefore, in Spain, there are more laws than in the US, it is always possible to violate the rules by accusing national protection, terrorism or other reasons,” Valdez added.

Does the application of menstruation raise doubts on other occasions?

This is not the first time doubts have been raised about the risks associated with the treatment of intimate data in menstrual apps, as happened after the ruling criminalizing abortion. In 2019, UK-based NGO Privacy International, published a study where it shows how some of the most popular apps for logging periods share their user data with Facebook and other companies.

Apps targeting EU users must, among other things, comply with strict consent and transparency obligations regarding the processing of personal data, a Privacy International investigation concluded, “but often don’t.”

It International Council for Digital Responsibility, for its part, found that some menstrual apps share unencrypted data and transmit information to third parties without communicating it to their users in their privacy policies. As in the case of the Flo app, which investigated by the Federal Trade Commission to share its users’ personal data to Facebook and Google despite promises to protect them. The commission and the company reached an agreement that forced Flo to get consent from users before sharing their data.