How to protect personal health data like menstrual cycles


Questions about the menstrual history of the Florida High School Athletic Association’s student-athlete entry form have reignited a major concern in the wake of the U.S. Supreme Court’s overturning decision. Roe vs. Wade: How to protect our personal health data?

Genius Gebhart [ Electronic Frontier Foundation ]
Daly Barnet
Daly Barnet [ Electronic Frontier Foundation ]

The answer: Whether on a paper form or third-party digital sports management software like Aktivate, the best way to prevent data from being compromised and abused is to avoid its collection and retention in the first place.

The Florida form, completed and submitted by all high school athletes in the state, has for decades included five questions: when the student’s first menstrual period occurred, when the most recent period occurred , the usual time between the start of one period and the start of the next , the number of periods the student had in the previous year and the longest period between periods in the previous year . Although the questions are technically optional, the coercive power dynamic between school authorities and underage students cannot be ignored.

As Florida and other states ban abortion, and officials and bounty hunters threaten to hunt down violators, these questions have sparked a furor among athletes, parents and doctors who don’t want the government – including schools and other educational bodies – accesses procreation. health data as potential criminal evidence. Putting student data in the hands of a third-party software vendor raises further privacy and security issues.

This concern is akin to discussions about scrapping period-tracking apps to prevent this data from being used to target people seeking abortion care. Users of these apps can definitely consider upgrading to a more privacy-focused app: Consumer Reports analyzed a number of policy trackers and found that Euki, Drip, and Periodical were on the side of users when it came to data retention policies and practices as well as avoiding third party trackers.

But it’s important to distinguish between the security and privacy threats that abortion seekers are actively facing now, and the more hypothetical threats that may arise in the future. The trolling of period-tracking apps to identify people with menstrual irregularities or other supposed evidence of an aborted pregnancy fits neatly into the latter category.

In fact, many apps you use every day can retrieve your phone’s device ID, the location you’re using the app from, the advertising ID your phone uses as a name tag for communicate with advertisers in all your apps, contact list, photos and more. Some of this data may seem relatively harmless individually, but can be combined and shared in the huge web tracking and advertising industry. Anyone, not just advertisers, may be able to purchase the resulting datasets. It is not far to imagine the disastrous consequences of this data collection and sharing – but again, it is not the main strategy used to criminalize abortion seekers at the moment.

Spend your days with Hayes

Spend your days with Hayes

Subscribe to our free newsletter Stephinitely

Columnist Stephanie Hayes will share her thoughts, feelings and fun stuff with you every Monday.

You are all registered!

Want more of our free weekly newsletters in your inbox? Let’s start.

Explore all your options

The most common current scenario in which people are criminalized for the outcome of their pregnancy is when a third party – a family member, partner, hospital staff or someone else they trust – reports them to law enforcement, who can force them to search for a device. . The most common types of evidence used in resulting investigations are text messages, emails, browser search histories, and other information that could directly indicate a person’s intent to have an abortion. This type of criminalization is not new and has disproportionately affected people of color and people dependent on state resources.

So think carefully about who you trust with information about your health. How you communicate with those you trust is important (for example, choosing encrypted messaging platforms like Signal or WhatsApp), but that won’t protect you from betrayals of your trust, like taking screenshots of your conversations. See our Safety Tips for People Seeking an Abortion and our Surveillance Self-Defense Guides for the Abortion Movement for more information on privacy considerations and steps.

Meanwhile, the companies behind menstrual trackers, “ed tech” platforms like sports management software and thousands of other apps — not just those that embed reproductive health data directly into cases of using their products – have serious changes to make. Any company that collects user information should be prepared for the possibility that data from its apps will be used to target or punish people seeking abortions and other reproductive health care. The easiest way to avoid giving user data to law enforcement is to not keep it in the first place – if you don’t create it, it won’t come.

And lawmakers need to pass common-sense privacy legislation to protect not just health-related data, but all consumer data.

The technology we use must respect our rights to privacy and bodily autonomy, and students and parents should not have to fear that participation in sport requires giving up purely personal data. We don’t think menstruation data is an immediate threat, but it could be in the future. Businesses, legislators and, yes, education officials must therefore take concrete steps now to minimize the potential harm.

Gennie Gebhart is director of activism and Daly Barnett is a technologist at the Electronic Frontier Foundation, a digital civil liberties nonprofit based in San Francisco.


Comments are closed.