Protecting health privacy in the age of digital surveillance

Big Data, Information Access, Privacy Education, Surveillance

In the aftermath of the Supreme Court’s majority decision to overturn Roe v. Wade, patrons may turn to libraries for help seeking information about reproductive health options in private. The ethics of our profession mandate that we do so. We can help patrons by teaching them how to protect their digital privacy on their own devices and ensuring our public computers employ the strongest, most up-to-date protections.

According to the ALA document Privacy: An Interpretation of the Library Bill of Rights, “all people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use… The right to privacy includes the right to open inquiry without having the subject of one’s interest examined or scrutinized by others, in person or online.”

Librarians can help patrons understand their potential privacy risks. We can help them learn to protect themselves from digital surveillance that could be used to infer their health status, political views or whereabouts. We can provide a safe, non-judgmental space for them to seek information anonymously.

This is also a good time for libraries to conduct an internal privacy audit to ensure we can protect the privacy of vulnerable patrons.

Online risk scenarios

We have already seen multiple examples of how digital data has been used to uncover individuals’ health status or interests. Apps are of particular concern if they track fertility/menstrual cycles or location.

For instance: in 2015, a pro-life group in Massachusetts contracted with a digital advertising company to use GPS data to send ads for “abortion alternatives” to phones brought into abortion clinics and to collect data on those phones’ users. The Massachusetts Attorney General sued the advertising agency and reached a settlement that bars that one company from geotargeting abortion clinics, but the practice remains legal for others.

At least one company – SafeGraph – publicly sold data about devices detected near Planned Parenthood facilities. The data included how often people went there, how long they stayed, and where they most likely lived (based on the phones’ overnight location).

The day after Motherboard reported on this practice, SafeGraph stopped doing so. A blog post from SafeGraph CEO Auren Hoffman cited “potential federal changes in family planning access” as the reason for the change, which would “curtail any potential misuse of its data.”
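To make concrete what the SafeGraph description means in practice, here is an added example (not SafeGraph’s code and not from the original post) of the two inferences the paragraph mentions: which advertising IDs dwelt inside a geofence around a facility, and where each of those devices “sleeps”. Every ping is constructed, CLINIC is a placeholder coordinate rather than a real facility, and the 100 m radius, the 22:00–05:00 night window and the ~100 m grid cell are assumptions an analyst might pick, not values from the article.

```python
"""Constructed demonstration of location-data inference: from a feed of
(advertising_id, timestamp, lat, lon) pings, find devices that dwelt near a
point of interest and guess where each such device spends its nights.
All data below is made up; CLINIC is a placeholder coordinate."""
from collections import Counter, defaultdict
from datetime import datetime
import math

# Hypothetical point of interest and geofence radius (assumptions).
CLINIC = (42.3601, -71.0589)
RADIUS_M = 100

# Constructed pings: (ad_id, ISO-8601 timestamp, lat, lon). Device A is inside
# the fence on two mornings and on the same block every night; device B only
# passes about 200 m away once.
PINGS = [
    ("A", "2022-06-01T10:00:00", 42.3602, -71.0590),
    ("A", "2022-06-01T10:20:00", 42.3603, -71.0588),
    ("A", "2022-06-01T10:45:00", 42.3601, -71.0589),
    ("A", "2022-06-02T11:00:00", 42.3605, -71.0589),
    ("A", "2022-06-02T11:30:00", 42.3600, -71.0591),
    ("A", "2022-06-01T01:10:00", 42.3901, -71.1199),
    ("A", "2022-06-02T02:05:00", 42.3899, -71.1201),
    ("A", "2022-06-03T01:40:00", 42.3900, -71.1200),
    ("A", "2022-06-02T14:00:00", 42.3500, -71.0700),  # daytime, elsewhere
    ("B", "2022-06-01T10:05:00", 42.3620, -71.0589),
    ("B", "2022-06-01T23:30:00", 42.4001, -71.0501),
    ("B", "2022-06-02T03:00:00", 42.3999, -71.0499),
]


def haversine_m(p, q):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    earth_r = 6371000.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    a = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * earth_r * math.asin(math.sqrt(a))


def _ts(s):
    return datetime.fromisoformat(s)


def clinic_visits(pings, poi=CLINIC, radius_m=RADIUS_M):
    """{ad_id: {"visits": distinct days inside the fence,
                "dwell_min": minutes between first and last in-fence ping,
                summed over days}} for every device seen inside the fence."""
    by_dev_day = defaultdict(list)
    for ad_id, ts, lat, lon in pings:
        if haversine_m((lat, lon), poi) <= radius_m:
            t = _ts(ts)
            by_dev_day[(ad_id, t.date())].append(t)
    out = defaultdict(lambda: {"visits": 0, "dwell_min": 0.0})
    for (ad_id, _day), times in by_dev_day.items():
        out[ad_id]["visits"] += 1
        out[ad_id]["dwell_min"] += (max(times) - min(times)).total_seconds() / 60
    return dict(out)


def infer_home(pings, ad_id, night=(22, 5), cell=3):
    """Most frequent grid cell (coordinates rounded to `cell` decimals, about
    100 m at this latitude) among the device's overnight pings, or None."""
    start, end = night
    cells = Counter()
    for dev, ts, lat, lon in pings:
        if dev != ad_id:
            continue
        hour = _ts(ts).hour
        if hour >= start or hour < end:          # window wraps past midnight
            cells[(round(lat, cell), round(lon, cell))] += 1
    return cells.most_common(1)[0][0] if cells else None


def profile(pings, poi=CLINIC, radius_m=RADIUS_M):
    """Join the two inferences: each device seen in the fence, with its visit
    count, total dwell time and guessed home cell."""
    result = {}
    for ad_id, stats in clinic_visits(pings, poi, radius_m).items():
        result[ad_id] = {**stats, "home": infer_home(pings, ad_id)}
    return result


if __name__ == "__main__":
    for ad_id, p in profile(PINGS).items():
        print(ad_id, p)
```

Nothing in this pipeline needs a name, an account or any health data: the advertising ID is the only join key, which is why the tips later on this page tell patrons to disable it and to leave the phone at home.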

Health tracker apps, especially those that track menstrual cycles or fertility, pose a particular concern because they could provide evidence to suggest a pregnancy. These apps are not covered by the Health Insurance Portability and Accountability Act (HIPAA), which would otherwise protect against nonconsensual disclosure of sensitive health information. The individual companies that make them vary in their commitment to privacy.

The period tracker app Flo shared health data such as period days and intent to conceive with Facebook, with no authorization and no way to opt out, until an FTC settlement ordered it to stop. In 2020, Consumer Reports found that five other popular period tracker apps also shared data with advertising and marketing analytics companies.

Data brokers can still glean health insights even without health or location data. An app that can see a person’s purchase history can show when they start or stop buying birth control, or buy Plan B. And remember the now-legendary story of how Target sussed out that a teen was pregnant before her father knew?

Shoshana Wodinsky, a Gizmodo reporter who covers the data business, said in a Twitter thread that deducing individuals’ reproductive health decisions from aggregated data is dispiritingly straightforward.

Protecting Individuals’ Privacy

If someone asks how to protect their health information from digital surveillance, what can you tell them?

General tips:

  • Use strong passphrases or passcodes to secure your data. A password manager application can help.
  • Use two-factor authentication for your online accounts and apps.
  • Be selective about which apps you use on your phone. Check whether they have access to personal information like your contacts list, location data, microphone or call logs. Keep apps up to date, and delete ones you no longer use.
  • Turn off WiFi and Bluetooth on personal devices when not using them. Turn off location sharing for as many apps as you can. Disable or reset your mobile advertising ID.
  • Assume that public WiFi networks and hotspots are not secure – limit your use and activities on them. A virtual private network (VPN) hides which sites you visit from the network operator and your internet service provider, though the VPN provider itself can still see that traffic, so choose one with a credible no-logging policy.
  • Use end-to-end encrypted messaging apps like Signal. Use disappearing messages for any sensitive topics.
  • Be especially wary of apps that track menstrual or fertility information. Even those that are transparent and restrictive about data sharing can be legally compelled to hand over data. If you must use one, look for one with a retention policy that deletes data after a set time – they can’t hand over data that doesn’t exist.

Extra measures…

…for people involved in abortions, abortion care, or reproductive health activism:

  • Practice Compartmentalization: keep your everyday digital activities completely separate from your sensitive ones. Use different accounts and tools for online planning and information gathering. Create a new email address, use a different browser, and different phone numbers if you can.
  • Choose privacy-oriented digital tools for sensitive uses
  • Do not bring your phone to or near a clinic. If you need one, buy a cheap “burner” – pay in cash – and have it on only when you’re near the clinic. Turn it off as soon as you leave.
  • Do not use fingerprint or face unlock on your mobile devices if you are concerned about encounters with law enforcement; use a passcode instead.
  • Use cash or prepaid gift cards to pay for medications or treatment.
  • When interacting with others in a group or community, set boundaries about what kinds of data can be shared, and with whom. Push for secure communication platforms. Consider establishing special phrases to hide discussions of sensitive topics.

How your phone documents your abortion experience and what to do about it (from the Digital Defense Fund):

  • Risk: receipt for payment for your abortion and/or travel in your inbox. Alternative: make an email account just for this purpose, then delete it afterwards.
  • Risk: period tracking app shares your data. Alternative: use a privacy-driven period tracker like Euki App.
  • Risk: search history saved in your phone’s browser and with your ISP (internet service provider). Alternatives: use a privacy-driven search engine, e.g. DuckDuckGo; install a paid VPN to hide the websites you visit from your ISP; browse with Tor or Firefox; use a private browsing window, or delete your browser history.
  • Risk: payment history for your abortion in a banking or payments app. Alternative: use cash or pre-paid gift cards where possible.
  • Risk: ad tracking and location tracking from apps, browser history and social media activity. Alternative: in your phone settings, turn off location tracking and the mobile ad ID.
  • Risk: sensitive text messages about your abortion experience are kept forever. Alternative: use an encrypted chat app, e.g. Signal or Wire, with disappearing messages turned on (important!).

For detailed instructions for each of the above tips, visit: https://digitaldefensefund.org/abortion-privacy

Resources:

Protecting privacy in the library

What privacy practices should we check up on/implement if someone wants to use the library as a safe place to research reproductive health options?

The ALA Privacy Tool Kit and Library Privacy Checklists are good places to start to audit your library’s privacy practices. According to the Tool Kit, a library’s privacy policy should…

  • limit the degree to which the library and third party service providers monitor, collect, disclose, and distribute personally identifiable information;
  • avoid creating unnecessary records including non-text records such as camera recordings;
  • avoid retaining records that are not needed for efficient library operation, including data related logs, digital records, vendor-collected data, and system backups;
  • avoid library practices and procedures that place personally identifiable information in public view; and
  • require that patron records remain on a local server and not be exported to the cloud or a third-party server.

Find even more comprehensive information about library privacy practices in the ALA’s recently released Privacy Field Guides.

Another good resource is the Massachusetts Library System Digital Privacy & Technology Guide. This includes a section on Privacy Resources for Library Tech Management that can help protect privacy on library devices patrons use to seek information. 
