The U.S. Supreme Court decision overturning Roe v. Wade has raised concerns that tech companies will be forced to hand over data on women seeking abortions. Europeans are appalled.
European citizens, decision-makers and leaders have voiced anger that US prosecutors might demand access to personal information that they believe should be kept private.
While Americans are restricting abortion rights, Europeans are going in the opposite direction. Since 2018, conservative Catholic countries like Ireland have voted to legalize the procedure. Of the 27 members of the European Union, only Malta and Poland maintain restrictive laws. After the Supreme Court’s decision, the European Parliament adopted a resolution in favor of including the right to abortion in the EU’s Code of Fundamental Rights, by 324 votes to 155.
The split comes at a sensitive time in transatlantic digital relations. Data transfers across the Atlantic Ocean have been under threat since 2020, when the European Court of Justice struck down a data transfer system known as Privacy Shield. US surveillance of EU data sent across the Atlantic violates the EU’s General Data Protection Regulation (GDPR), the European court has ruled.
European and American leaders have prioritized resolving the impasse. In March, European Commission President Ursula von der Leyen and US President Joe Biden announced a political agreement on “Privacy Shield 2.0”. Details remain to be completed. The White House is expected to issue an executive order outlining its compliance plans within weeks.
But since the Supreme Court ruling, Europeans have feared US law enforcement will demand access to the data to prosecute those seeking abortions. US data brokers are already making money by aggregating large amounts of data and reselling it. The federal government acquired consumer data to circumvent warrants, and a reporter recently purchased a list of people who visited Planned Parenthood, a health care provider that can perform abortions, for $160. “While the right to privacy is enshrined as a basic human right in Europe, it is not in the United States,” says Mary Ziegler, Stearns Weaver Miller Professor of Law at Florida State University College of Law.
“Location data is the biggest problem,” noted Jake Laperruque, deputy director of the security and surveillance project at the Center for Democracy and Technology. Individuals could claim they’ve stopped using a period-tracking app, but phone data showing visits to an abortion clinic is hard to deny and US courts have accepted such evidence before. Location data is much stronger than tracking periods or other signs “to prove an abortion,” Ziegler argues.
Tech companies are in a rush. In a blog post, Google said it will automatically delete location history for locations that are considered “personal”. Examples include domestic violence shelters, abortion clinics, and addiction treatment centers. Police warrants for such data have increased significantly since 2018, accounting for 25% of all warrants received in 2020, according to Google.
Other tech companies are following suit. Placer.ai and Safegraph, which previously sold information about people who visit Planned Parenthoods, have agreed to stop selling abortion data.
For transatlantic relations, the imminent danger centers on the new Privacy Shield. European GDPR provides strict protections for “sensitive data”, including location “If US government agencies are able to circumvent these commitments, this loss of privacy will have implications,” says Eduardo Ustaran, partner at Hogan Lovells International LLP based in London.
European companies in the United States could be subject to data handover warrants. Requests for location, health and other sensitive data by law enforcement “would be considered a very serious violation of the Privacy Shield principles”, warns Ustaran.
Despite the danger, the abortion debate may still not torpedo the construction of a Privacy Shield 2.0. In Washington and Brussels, leaders want a deal, seeing it as a concrete step to improve relations after their turmoil with the Trump administration and to maintain a common front against Russian aggression in Ukraine. “There is a strong determination to fix the Privacy Shield “on both sides of the Atlantic, which makes it unlikely that these concerns will completely dismantle the effort,” predicts Ivana Bartoletti, Global Chief Privacy Officer at Indian tech company Wipro. .
Yet any renewed Privacy Shield will be fragile, subject to a further negative ruling from the European Court of Justice. The abortion split could sway some EU judges over the danger of allowing European personal data to be transferred across the ocean. “Some form of legal challenge is inevitable,” law firm Herbert Smith Freehills LLP concluded in a recent analysis.
Potential reforms in Washington could avert this danger. A bipartisan group of senators recently proposed the Fourth Amendment law is not for sale that would close the data broker loophole. A broad US federal privacy law would reassure Europeans. But given the difficulty of passing legislation in the divided US Congress, such a new bill seems unlikely.
Prior to the Supreme Court’s decision, analysts say the United States and Europe appeared to be moving in the same direction to expand privacy protections. Analysts now believe the momentum has been broken. A “global understanding of privacy rights has been driving this convergence,” says Ustaran. This fight against abortion threatens to “destroy the work of many years”.
Grace Endrud and Daniel Hayes are interns at CEPA’s Digital Innovation Initiative. Bill Echikson edits bandwidth.