Some names have been changed to protect privacy.

This June marks three years since the Supreme Court overturned the landmark abortion case Roe v. Wade with a 6-3 ruling in Jackson v. Dobbs, breaking a nearly 50-year precedent. The conservative-led court repealed the federal right to abortion, giving conservative state lawmakers the ability to tighten their abortion laws without consequence. The decision led to a rise in criminalization and privacy violations for those who have undergone or are seeking abortion care. Apps like Google Maps that monitor travel are already the focus of subpoenas used to prosecute women seeking reproductive care out of state. 

Third-party data brokers and period-tracker health apps like Flo may be next. Congressional Democrats and the Federal Trade Commission have already begun to ring the alarm. 

The concern is even more pressing with the new Trump presidency. The White House is actively working to enforce the Hyde Amendment, which guarantees that no government-funded program can provide reproductive care. An executive order in late January affirmed the policy and pledged investigation and enforcement. Moreover, data privacy is expected to change drastically with the administration’s recent downsizing of The Privacy and Civil Liberties Oversight Board this February. 

Sweeping state abortion bans, including against related healthcare, quickly passed after the Jackson decision, with some conservative state legislatures having already passed “trigger laws” that immediately went into effect post-Roe. Republican-led states have since prosecuted hundreds of women for abortion-related care, with pregnancies from rape remaining an inconsistent exception depending on the state. One in three American women ages 15 to 44 now live in states where abortion is no longer accessible. 

Conservative state legislators are also enacting penalties against healthcare providers who perform abortions. States are increasingly instituting the concept of “fetal personhood” — considering an unborn fetus to have the same rights as a born child — into their legislative action. The implications of the change are vast, as obtaining abortion care could be classified as and prosecuted for murder. 

Several high-profile cases have emerged from state enforcement, including charges against an Indiana doctor who provided an out-of-state child with abortion care. The ten-year-old was pregnant as a result of a rape. Emergency rooms in Texas were also the focus of media attention when they reported they could not legally provide life-saving care to three pregnant women who ultimately all died as a result of ectopic pregnancies. 

Though President Trump has suggested he won’t commit to a federal abortion ban, he argued during his campaign that states should have the right to prosecute women who’ve undergone abortion care — leading the American Civil Liberties Union to speculate that the outright federal criminalization of reproductive care may begin during Trump’s second presidential term in part through privacy violations. 

According to Pregnancy Justice, an advocacy group focused on access to abortion, more than three-quarters of pregnancy criminalization cases occurred in states that define embryos, fetuses and fertilized eggs as children under child-abuse statutes. States like Idaho and Tennessee have also sought legal action against those who assist others in crossing state lines to get abortion care. 

Sawyeh Esmaili, Senior Counsel at the National Women’s Law Center, has spent her career analyzing U.S. reproductive rights policy. Criminalization is not only a realistic future, she said, but a danger to the status quo. 

“Reproductive surveillance and criminalization of pregnancy outcomes are actually not new,” Esmaili said. “In fact, these things have long been used, even before Dobbs, to persecute pregnant people, particularly with a disproportionate impact on low-income communities. Both law enforcement and anti-abortion extremists have long utilized surveillance techniques as well as user data to harass, investigate, prosecute and punish pregnant people.” 

According to a press release from Oregon Senator and Democrat Ron Wyden’s office, in 2020, the anti-abortion organization Veritas Society used individualized data collected by Near Intelligence, a location data broker, to identify women who had sought abortion care. Through geofencing — setting up virtual boundaries around a specific location to collect data on the visitors of that area — Near Intelligence compiled the information that Veritas later used to target women accessing care with 14.3 million anti-abortion attack ads. In 2024, Near Intelligence declared bankruptcy and instituted new anonymity regulations for their collected data — which they sold to Azira, another consumer data behavior collector. According to a publicly released letter from Senator Wyden to Lina Khan, Commissioner of the FTC, Near Intelligence agreed to their new internal regulation following pressure from the FTC. However, the original data they sold is still owned and available to both Veritas and Azira.

The FTC has responded to similar violations of reproductive privacy in the past. In January 2024, the FTC settled a dispute with data-location broker X-Mode Social over data privacy violations after the company sold sensitive information to third parties. Ultimately, X-Mode agreed to stop selling person-specific location data to become FTC-compliant, though they continue to collect the data anonymously. Still, the dispute demonstrates the broader data privacy issue many women face. Although data collectors may anonymize information by removing names and street addresses from data sets, the remaining sensitive information like zip codes, birthdays, genders and frequently visited locations — such as homes — still exposes individuals to be directly targeted and identified, according to a 2023 article from the nonprofit Electronic Frontier Foundation. 

In 2021, the FTC first alleged that the popular period-tracking app Flo was sharing sensitive user health information with third-party buyers like Google and Facebook without permission. Although Flo denies these allegations, the FTC settled the dispute under the agreement that Flo must notify users when disclosing their health information and instructed the buyers who had received the shared data to delete it immediately. The company serves over 70 million active users. 

Flo users were shocked by news of the app’s potential data sharing. An anonymous student from Maryland said the privacy issues are a significant concern that may threaten her app usage. 

“I don’t feel comfortable for a company like Flo to exploit my body for advertising and monetary gain,” she said. “Especially if I don’t know about it. My privacy is important to me; I want companies to respect that.” 

Flo’s competitor Clue also reports a large customer base of millions of monthly users. As with Flo’s FTC agreement, Clue also controls what data is shared and to whom it is shared, pledging never to share information with law enforcement agencies or sell data to third-party advertisers.

Clue CEO Rhiannon White understands the importance of data privacy and emphasizes it within her organization, she said. 

“Our foundational belief is that tracking equals data, data equals insight, and insight equals agency,” White said. “Agency around our own health as women is a thing that, frankly, we’ve never had.” 

The private industry isn’t the only place where women’s health advocates are focusing their attention. Currently, the Health Insurance Portability and Accountability Act, the nearly 20-year-old series of laws requiring privacy protections for medical care, and the Fourth Amendment, which protects people from unreasonable government searches and seizures, are the most prominent legal frameworks that protect women specifically against government surveillance of their reproductive decisions. 

However, the National Security Agency has bypassed these privacy regulations in the past. After the Sept. 11 attacks, the federal government enacted the Patriot Act, allowing the NSA to use “National Security Letters” — special subpoenas issued by the U.S. government without judge approval — to compel private companies to grant government access to certain types of information like individuals’ phone records and data history. In 2008, Congress passed Section 702 of the Foreign Intelligence Surveillance Act. The provision introduced further, significant privacy concerns by granting the NSA authority to surveil people both domestically and internationally without warrants, as reported by the ACLU in a reform petition. Despite public criticism of the power given to the NSA, the Senate reauthorized Section 702 in April 2024. 

That same month, the Department of Health and Human Services updated HIPAA regulations to protect women seeking abortions from governmental surveillance. However, since these updates do not require data collection to be safe from internal misuse and third parties, women maintain few enforceable protections. 

In June 2024, Senator Chris Van Hollen (D-MD) co-sponsored the Reproductive Freedom for Women Act, legislation to enact national abortion protection. It and other similar proposals have failed to pass at the federal level — but state lawmakers have had more success. Supporting Van Hollen’s efforts, Gov. Wes Moore (D-MD) signed reproductive freedoms into Maryland law, marking one of seven states who, by the start of 2025, have calcified Roe within their borders. Most are Democratic-led states. 

Van Hollen remains an advocate for healthcare privacy and believes Republican efforts to deprive people of their bodily autonomy threaten individual liberties. 

“This kind of government interference in deeply personal matters is unacceptable,” Van Hollen said. “Women do not need politicians surveilling or policing the private health care choices they make with their doctor and loved ones.” 

Introduced by Congresswoman Sara Jacobs (D-CA) in May 2023, the My Body, My Data Act would enforce restrictions on collecting, retaining or spreading personal information on reproductive or sexual health at the federal level. However, this act has yet to pass, and its passage remains uncertain under a Republican-led legislature. Blue states like California and Washington, again, have moved to pass similar laws in the absence of federal protection. 

Popular health organizations like Winx are working to combat these ongoing privacy concerns. Founded in part to bring more privacy to women’s healthcare, Winx Health sells pregnancy tests, morning-after pills and other vaginal health products in discreet packaging. The company has also donated over 30,000 emergency contraceptives to women in need. 

Co-founder Jamie Norwood asserts that the company does not collect user data surrounding any reproductive health-related issues, as she understands the grave consequences of these privacy violations, especially for those living in abortion-restrictive states, she said. 

“For people that live in states with abortion bans, it can be dangerous if your data gets in the wrong hands,” Norwood said. “It’s really important that we’re meeting our customers where they are and getting them products in a way that feels safe.” 

Esmaili believes that as private organizations and law enforcement agencies violate users’ privacy, users will respond with outspoken, widespread concerns for their personal safety. 

“Privacy matters because it allows us to live our lives with dignity and without fear of surveillance,” Esmaili said. “Bolstering data protections is not only a preemptive or defensive guardrail, but it allows us to exercise greater bodily autonomy, greater freedom, and be able to live the dignified lives we all deserve.”

Multiple representatives from the Federal Trade Commission declined to comment.

Flo Health did not respond to multiple requests for comment.