Gathering customer data from devices, web traffic, and apps has long been central to operational strategies at startups and enterprises alike. Can and should those data strategies continue after the dismantling of Roe v. Wade?
In the weeks since the US Supreme Court upended nearly 50 years of legal precedent, questions continue to be asked about the collection of personal data that might implicate users in states that institute laws to ban abortions. Initial concerns pointed to apps used to track menstrual cycles, but what about beacons and other technology that can track where a user travels? Would a company have to turn such data over to local authorities?
“This isn’t just about period tracking,” says David Ruiz, senior threat content writer with Malwarebytes. “This is about location data, too. This is about if you visit a Planned Parenthood. Should that data be available to someone else?”
Waking Up from Data Complacency
He says the world experienced a decade where companies saw collecting as much data as possible as the right and smart thing to do. “It could help them target users; it could help them tell users activities about themselves,” Ruiz says. Now companies need to ask what they need the data for, he says, with laws such as General Data Protection Regulation (GDPR) in the European Union setting the tone for only collecting necessary data for services being offered.
The overturning of Roe v. Wade may be another motivation to follow such guidance, Ruiz says. “We're already seeing quite a few businesses, particularly period tracking apps, making a sudden pivot.” Some apps are releasing "anonymous" modes; therefore, if law enforcement requests information, that data will be unmeaningful for identification. Some companies are looking to end-to-end encryption of user data, he says, to keep it out of the hands of law enforcement.