The Unexpected Impact of Digital Privacy

Digital Privacy Day is January 28th, making this Digital Privacy Week. While this may not mean much for those outside the cybersecurity community, it is essential to recognize data privacy affects everyone every day.

It is time to think about digital privacy and safety with the same care and respect as physical privacy and security. We protect ourselves, our homes, and our families- the key to your house is not copied and passed out to strangers on your morning commute. You look both ways before you cross the street. When driving, you stop at stop signs. The line between our physical and digital realities is the thinnest it has been throughout history. 

Your Digital Shadow

digital footprint is a unique set of individual traceable digital actions, activities, and communications that have manifested on the Internet. Sometimes also referred to as a digital shadow, this footprint is more valuable than you might realize. What does this information include? Some examples include financial data, web browsing history, social media data, online shopping data, and health data, most notably post-Roe America

These forms of data collection are comparable to someone sitting in your house and taking notes about you at all times. What are the implications of this, and how is it allowed?

Mundane aspects of a digital footprint can sometimes be enough to serve as evidence in a criminal trial.

The United States Privacy Act

The United States Privacy Act was passed in 1974 (yes, 48 years ago) to enhance individual privacy protections. It established regulations and requirements for United States government agencies’ collection, disclosure, and use of personal information. This is the last national, all-encompassing (protection not restricted by age) form of privacy policy we have had in the United States- and its rules only apply to government agencies, leaving private companies and organizations to (mostly) do whatever they want. 

One year before The United States Privacy Act was passed in 1974 was the Supreme Court decision that guaranteed the constitutional right to abortion: Roe v. Wade. At the time, I am sure few thought the two topics would be this interconnected. 

When Dobbs v. Jackson Women’s Health Organization overturned the decision in the summer of 2022, abortion became inaccessible and illegal in many states. In Tennessee, for example, seeking an abortion is a criminal offense.

Digital Health Data

Who owns your digital health data? Unfortunately, it isn’t always just you.

It is now crucial for women to know and understand who owns and controls their digital health footprint. The guidelines for health information federally protected by HIPAA are very narrow and can also be disclosed under more circumstances than we immediately realize. According to Dr. Kayte Spector-Bagdady– “there are almost no protections under HIPAA or any other data privacy regulation in the U.S. to protect against a state law enforcement subpoenaing to gather information because there are huge exceptions in HIPAA for criminal law enforcement requests.” 

By overestimating the protections of HIPAA, individuals put themselves in compromising positions by leaving behind ‘health proxy data‘ daily. What does that look like? When information is not protected, a lot can be inferred from purchase history, which is an example of a digital footprint. 

For example, using a store discount card (i.e., putting your phone number in at CVS for coupons or discounts) to purchase menstrual products at the same time every month but skipping one month and purchasing a pregnancy test instead. Then purchasing menstrual products again after a couple of months- this purchase history could be considered ‘health proxy information’ that is unprotected and, depending on the state, can be used as evidence in a criminal trial. 

Digital privacy touches more than is immediately realized. It is a health issue, a women’s rights issue, and a reproductive justice issue.