Hot Topics
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Identity & Access Identity and Access Management IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches 

ADPPA US Privacy Law: Coming Soon in Wake of Roe v. Wade Redo

by Richi Jennings on June 27, 2022

We could soon have a federal GDPR—or something similar, at least. Draft legislation is speeding its way through the House of Representatives.

A bipartisan bill unanimously passed a key subcommittee stage last week. The American Data Privacy and Protection Act would limit data collection, give opt-out rights to tracking for ads and outlaw targeting minors with ads.

But it wasn’t the only privacy related issue on Capitol Hill last week. In today’s SB Blogwatch, we wade in deep.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: How this ends.

Welcome to Gilead

What’s the craic? John D. McKinnon reports—“Online Privacy Bill Clears Early Hurdle in House”:

The legislation could move quickly
Bipartisan legislation to establish broad privacy rights for consumers won approval from a House subcommittee. … Lawmakers approved the bill, the American Data Privacy and Protection Act, on a voice vote with no dissent. It now moves to the full Energy and Commerce Committee for a vote.

In broad terms, the legislation would put new limits on how businesses … can collect and use consumers’ data. Big tech companies would be limited to collecting, processing and transferring only the data that is reasonably necessary. … Individuals could opt out of targeted advertising [and] it would prohibit targeted advertising aimed at users under the age of 17

[The] strong vote suggests the legislation could move quickly through the House. The Senate remains a bigger question.

Hmmm, a federal law requiring privacy? Tatum Hunter and Heather Kelly get topical—“Period-tracking apps raise new worries”:

Post-Roe v. Wade America
With a menstrual-tracking app, you can see when your periods and fertile days start and end. And, because these apps leave a digital trail, other people can see, too. With 13 states poised to ban abortion … many worry that data from period apps could become evidence of a crime.

Cutting down on personal data-sharing could become habit for women in post-Roe v. Wade America. … A 2021 report from the International Digital Accountability Council (IDAC) found period trackers sending unencrypted personal information or sharing data with third parties. … Unlike details you share with a health-care provider, the health information you turn over to an app is not protected by … HIPAA.

Lest we forget, the Supreme Court’s Roe redo stops the 14th Amendment being interpreted as a federal right to privacy. Brian Kahn—“Your data is worth more than your life to tech companies”:

Boatloads of cash
The Supreme Court has ended abortion rights as we knew them. The ruling has unleashed a wave of restrictive laws in [certain] states that will outlaw abortion. … That’s forced tech companies to choose where they stand.

[In] the post-Roe world … there is no shortage of ways that data is about to be weaponized as a tool to find and punish people seeking abortions—and providers alike. … To help everyone, tech companies could just stop collecting [and] selling it. They all could fight police subpoenas. And yet tech companies have so far “no commented” their way out of having to address the reality that they have this enormous power.

Of course, tech companies have always valued data above all else. [It] makes boatloads of cash for them, despite the risks it poses to the individuals. … Location and keyword data has [already] been handed over to police or bought by right-wing activists. … We’ve already had a preview of how data can be used to target users. But it’s about to become much more extreme — and dangerous.

And it’s not the only bill on the Hill. Christine Hall monitors—“My Body, My Data Act Tackles Online Privacy”:

Would limit the data that can be collected
Friday’s ruling by the Supreme Court that overturned Roe versus Wade has brought online privacy issues … front and center. … These concerns go beyond the already regulated data collected by healthcare organizations. Data includes GPS data that law enforcement could use to place women in locations that have abortion clinics, as well as data collected by consumer-focused reproductive health apps.

Government action to protect reproductive health data is already in the works in the form of the My Body, My Data Act, which was introduced simultaneously in the Senate and House of Representatives on June 16. … If passed, the My Body, My Data bill would limit the data that can be collected, retained, used, or disclosed to only what’s needed to deliver a product or service. The bill would affect any company or organization that collects personal data related to reproductive or sexual health. It also stipulates that companies must publish a privacy policy. … In addition, it hands individuals the right to access and delete their reproductive health information.

What should big-tech employees do? Eva Galperin—@evacide—speaks to the grass roots:

This is what you should be protecting
The difference between now and the last time that abortion was illegal … is that we live in an era of unprecedented digital surveillance. … If tech companies don’t want to have their data turned into a dragnet … they need to stop collecting that data now. Don’t have it for sale. Don’t have it when a subpoena arrives.

Now is not the time to shrug and say it’s too late and nothing can be done. Now is the time to ask hard questions at work. You hold the world’s data in your hand and you are about to be asked to use it to be Repression’s Little Helper. Don’t.

Search data matters. Location data matters. Health data matters. Contact lists and friend lists matter. The contents of messages matter and so does the meta-data. If you work in tech, this is what you should be protecting right now.

Good luck with that. So says jmch:

While Big Tech companies may be supportive of abortion rights for their employees … it’s completely unlikely that any of them will limit their data collection golden geese to protect their users’ privacy, whatever weasel words they will come up with in public to pretend otherwise. And they all typically already comply with legal/judicial data requests, so if a Texas court subpoenas a dataset from them, I don’t see them refusing if the warrant is legit and the data is available.

Hyperbole much? Not at all, says fazig:

This can easily come back to bite you
Having lived in neo-Stalinist Romania where surveillance was ubiquitous, … I’ve got enough historic precedent to convince me that erosion of privacy is in fact a legitimate slippery slope, where you can only hope that those in charge don’t write insane legislation. … So now people could be tried for murder if they had a miscarriage? The could be charged with attempted murder or whatever other felony if their health data shows they take contraceptives?

It’s utter lunacy. … And while I understand that “nothing to hide, nothing to fear” is a popular mantra among the dimwits, you should understand that this can easily come back to bite you if the laws are allowed to change on irrational whims.

But Dare Obasanjo—@Carnage4Life—calls it “Another round of blame shifting”:

The U.S. government caring about online privacy at the Federal level is way overdue. But Democrats’ failure to codify Roe … with laws is the real issue—not period tracking apps.

[People] that blame tech companies instead of politicians for bad laws are telling because they offer no solutions. Should Google not store your emails or Uber your ride history because they might be related to an abortion? If not, then what?

O RLY? Sloppy goes back to first principles:

You may have noticed an increasing trend where government wants to investigate The People … but they keep running into that damn 4th Amendment. But the courts have long upheld that the 4th is only a limit on what the government can do, not what can be done. Private actors are free to gather whatever information they’re able.

Lately, a lot of states … would like to more easily detect when abortion has happened, and who might have been involved. [And] it’s been fashionable and practical for the last decade or two for people to carry little computers around, with radios which constantly talk to other computers, and those other computers remember who they talked to and where.

This is useful for governments, if they want to establish that patients and providers were in the same place at the same time.

Meanwhile, VoiceOfTruth has another suggestion for us all:

Very well. Don’t do business in those states that are against human rights. Consign them to the dustbin of history.

And Finally:

Matt Mansplains Margaret

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Victoria Pickering (cc:by-nc-sa; leveled and cropped)

Recent Articles By Author
More from Richi Jennings
Richi Jennings , , , , , , , ,

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 605 posts and counting.See all posts by richi