Gov. Gretchen Whitmer talks with Michigan Advance at the Michigan Governor’s Summer Residence on May 28, 2024 during the Mackinac Policy Conference. (Photo: Anna Liz Nichols)
Legislation that would provide explicit reproductive health data privacy protection for Michiganders is in the works — and Gov. Gretchen Whitmer says it’s long overdue.
“We know that there are all sorts of ways that our data is being misused or weaponized and used against people,” Whitmer told the Michigan Advance in an interview this week. “I think it’s a very real concern that Michigan women and people that use data apps, like for period tracking, etc., have privacy protections. And that’s why this is a bill that I think could make a lot of sense to protect our data and protect people that should, of course, be able to to count on having that privacy.”
Rep. Laurie Pohutsky (D-Livonia) speaks ahead of Gov. Gretchen Whitmer signing the last bill in the Reproductive Health Act in Lansing on Dec. 11, 2023. (Photo: Anna Liz Nichols)
The legislation is being readied by state Rep. Laurie Pohutsky (D-Livonia), who hopes to introduce it in the next session.
“The idea is to make sure that patients seeking reproductive health care don’t have to worry about their health care data being used against them, primarily by those in other states where abortion may be illegal,” Pohutsky told the Advance.
Even before the U.S. Supreme Court overturned Roe v. Wade in June 2022, Whitmer told her daughters, Sherry, then 20, and Sydney, then 18, to delete their menstrual cycle tracker apps.
Data privacy experts had already been warning users of such apps that the information they either logged in voluntarily, or was tracked via wearable devices like a Fitbit, was not protected and could potentially be sold or provided to third parties that users were completely unaware of.
The International Digital Accountability Council (IDAC) issued a report in December 2021 which determined that period tracking apps were sharing unencrypted personal information with third parties without fully disclosing that in their privacy policies.
“Some widely-used apps fail to meet even basic platform requirements because they send unencrypted user data, have inadequate or missing privacy policies, or collect granular information about user location without adequate explanation. Additionally, several apps appear to transmit user data to endpoints in countries such as Russia and China with weak data protection laws and poor human rights records,” stated the report.
And after Roe fell, it became clear that the same data could potentially be used by states like Texas to prosecute residents seeking abortions outside the state.
Whitmer says while there are basic privacy protections already in place, it’s important to make sure the law stays ahead of the technology and not the other way around.
“There are things on the federal level and the state level, but the world’s also changing very quickly, and it’s part of why it’s crucial that we are nimble,” Whitmer said. “A right that we thought was enshrined for 50 years and would never go away has. And we see in different states how government is using women’s data against them, whether it’s monitoring pregnancies or period apps or anything like that. And so I think it’s prudent to be very aggressive when it comes to consumer protection and when it comes to protecting women’s health information. And that’s why enhancing our law in this regard is a step in the right direction.”
Experts say users need to make the effort to find out how their data is treated by any app, especially those that are tracking personal health information. One thing to be especially wary of is having that data encrypted, which typically means it is being transmitted elsewhere. Data stored in the cloud would be much easier for law enforcement to get access to as opposed to having to subpoena an individual’s private phone.
“Whenever we use an app and we’re putting sensitive information in, we make ourselves vulnerable,” Whitmer said. “And in a climate like this where you do have some state governments trying to monitor women and menstruation, pregnancies, etcetera, it is important that we protect ourselves. And so the state does have an important role, but also we as individuals can take action to keep our information private. We should be doing it on all fronts.”
Government officials have already used health data to monitor abortion care, the Advance reported in 2022.
Scott Lloyd, former refugee resettlement chief and anti-abortion activist under former President Donald Trump, admitted in March 2019 to keeping track of the menstrual cycles of teen migrants who had reported being raped in an effort to stop them from getting abortions. Later that year, the director of the Missouri state health department admitted to monitoring the menstrual cycles of Planned Parenthood patients to identify those who had “failed medical abortions.”
Data privacy after Dobbs: Is period tracking safe?
The proposed Michigan legislation is being modeled after laws passed in states like New York or California, said Pohutsky, adding that she is also consulting with the ACLU to make sure the legislation passes constitutional muster.
California’s new health data privacy provision, which went into effect July 1, prevents pharmacies and other health data companies from disclosing individuals’ medical information to law enforcement without a warrant in most circumstances.
It also prohibits those companies from providing information related to a patient’s abortion to anyone from another state unless authorized by the patient and requires those entities to enable data security features that would protect health information related to abortion, contraception and gender-affirming care so that it is not readily accessible across state lines.
Whitmer said that while there are already provisions in both state and federal law that pertain to health data privacy in general, it’s important not to take anything for granted.
“I’m proud to be a governor, but I’m only going to be governor for two more years, and I don’t know who comes next,” she said. “And I do worry that so many users utilize these apps to track a variety of things according to their health. And we can’t count on whoever comes next to fight for those freedoms and that privacy and that protection, we need to codify it. And that’s why this bill is an important opportunity for us to do more on behalf of the people of Michigan.”
YOU MAKE OUR WORK POSSIBLE.