FTC says it will pursue companies that exploit location and health data

In the wake of new privacy concerns post-Roe, the FTC has warned companies and data brokers that it would crack down on any misuse of health and location data. The agency stopped short of detailing any new steps to safeguard sensitive reproductive health data but stressed it would hunt down companies that break existing data privacy laws. In a new blog post, the FTC wrote that it was committed to using the full scope of its legal authorities to safeguard consumer privacy. It also noted that apps that track periods and fertility, as well as any product that collects health or location data could expose individuals to harm, particularly those seeking abortions.

The Commission is committed to using the full scope of its legal authorities to protect consumers privacy. We will vigorously enforce the law if we uncover illegal conduct that exploits Americans location, health, or other sensitive data. The FTCs past enforcement actions provide a roadmap for firms seeking to comply with the law, wrote the agencys acting associate director in the Division of Privacy and Identity Protection Kristin Cohen in the post.

The FTCs statement arrives only a few days after the Biden administrations July 8th executive order on abortion access, in which it asked the FTC to take steps to protect abortion data privacy, including launching a task force. In light of the Dobbs ruling, digital privacy groups have warned that police can easily use location tracking and other sensitive data to prosecute those suspecting of having an abortion in states where it is now illegal.

Period-tracking apps are just one of the many tools that law enforcement agencies can use to build a case against a person suspected of having an abortion. As both digital privacy groups have noted, fitness trackers, search histories, GPS map apps and practically any online activity could be fair game for law enforcement in states with abortion bans. Location data can also be misused. The FTC noted a 2017 Massachusetts case where a company sent targeted ads on abortion alternatives to anyone who crossed a digital fence outside an abortion clinic.

Perhaps as an example of how aggressive it has been with apps that misused reproduction health data in the past, the FTC also mentioned a settlement it reached last year with popular period-tracking app Flo. The agency had alleged that Flo shared sensitive health data with outside parties, despite promising to keep such information private. As a result, Flo agreed to obtain user consent prior to sharing information with outside parties and to launch an independent privacy review. Flo is hardly the only reproductive health app to share sensitive user data. A May study of 20 different period-tracking apps by VPN company Surfshark found that nine shared data for third-party ads and 10 collected coarse location information.