Friday’s SCOTUS ruling in Dobbs is devastating news. Yes, it denies women and girls reproductive autonomy, but it also augurs a future where no aspect of our intimate life is ours, where even the most private spaces or relationships are ripe for surveillance, where every detail about our bodies, health, and relationships is amassed and sold. Everyone’s life opportunities are on the line in a world without intimate privacy.
With the evisceration of Roe and the triggering of state laws criminalizing abortion, police can access the evidence they need to pursue investigations. Our fertility, dating, and health apps, digital assistants, and cellphones track our every move, doctor visit, health condition, prescription, and search; the details of our intimate lives are sold to advertisers, marketers, and data brokers. Law enforcers can purchase or subpoena data about women’s missed periods, health clinic visits, and resumed menstruation. Prosecutors with an eye to higher office will use that data to make cases against women and girls, especially those who come from marginalized backgrounds.
Data brokers aren’t just handmaidens to law enforcement. Angry exes and pro-life activists can purchase location information to identify anyone who helped facilitate an abortion, including ride-share drivers, parents, and friends who drove women to appointments. State laws, like the one passed in Texas, put a bounty on their heads; thousands of dollars in civil penalties will tempt many to sue. Be on guard for cyber mobs: They will exploit data broker dossiers in order to dox, threaten, and terrorize everyone involved. In the late 1990s, when women enjoyed a constitutional right to pre-viability abortion, websites like the Nuremberg Files doxed “abortionists” and called for their murder. With the demise of Roe and the rise of state bounty laws, we may see the emergence of sites devoted to outing a far wider swath of targets. We may see sites crowdsourcing information about women and girls who obtained abortions. This would take a page from the thousands of sites devoted to humiliating women and LGBTQ individuals with nonconsensual pornography, deepfake sex videos, and other violations of intimate privacy. Thanks to a federal law passed in 1996, websites hosting doxing and threats, like those devoted to nonconsensual porn, will be immune from any legal responsibility unless they were found to have a hand in creating the threatening content themselves, as was true for the Nuremberg Files. That’s why I have been working with federal lawmakers to reform that law—to ensure that sites earn that immunity by taking reasonable steps to address illegality that causes serious harm.
There is already a bounty on everyone’s intimate privacy. Today, and every day, our intimate data—data about our bodies, health, sex, gender, sexual orientation, close relationships, online searches, reading habits, and private communications—is being collected, mined, and sold. As I have written elsewhere, “Intimate life is under constant surveillance.” Crucial aspects of our lives and livelihoods are on the line. Life insurance companies can raise people’s premiums if health app data suggests they’re at increased risk of chronic disease. Employment services can exclude people for interviews if their online activities suggest that they have bad habits. Some employers have access to employees’ period- and fertility-tracking apps, which could enable them to use women’s intimate information to raise the cost of employer-provided health insurance, adjust wages, or scale back employment benefits.
Right now, we view the handling of our intimate data as a matter of profits, efficiency, and consumer protection. That must change. Our data is ours. It reflects who we are and want to become, what turns us on, and where our hopes and dreams lie. Intimate data reveals our vulnerabilities—things that leave us open to coercion, manipulation, and discrimination. It should be vigorously protected, not collected in case it might be valuable someday or sold in the here and now. We cannot develop authentic identities, form close relationships, or engage as citizens without intimate privacy. We should be able to wear health bands, talk to digital home assistants, search adult sites, and message dates without worrying about being surveilled. We should be able to enjoy the opportunities that digital tools and services offer without worrying that the details will count against us. We should be able to share experiences, feelings, and thoughts on- and offline, expose our bodies and selves with trusted friends, and learn about our health and identities with the reassurance that the firms facilitating our activities and interactions are also protecting them.
We need to treat intimate privacy as a civil right. Civil rights are legal and moral rights whose protection is essential for human beings to flourish, enjoy respect, and feel that they belong. Civil rights guarantee our participation in a democratic society. They are moral rights: They cannot be traded away or denied without a good reason. Civil rights are fundamental entitlements owed to everyone, but they also require protection against discrimination given the bigoted stereotypes and attitudes that vulnerable groups face. Civil rights are guaranteed to all, but too often and in too many ways are denied to people who aren’t white, women, and LGBTQ individuals (and, most of all, to people with more than one marginalized identity).
Treating intimate privacy as a civil right would require comprehensive privacy legislation. We can find inspiration in modern civil rights laws that require entities with control over important rights to act as the caretakers of those rights. For example, the Americans With Disabilities Act mandates that employers, schools, and public transportation systems provide reasonable accommodations to disabled individuals. Title VII of the Civil Rights Act of 1964 obligates employers to act as the caretakers of their workplaces so that employees enjoy equal opportunities. Federal and state lawmakers can build on that tradition in protecting intimate privacy.
Comprehensive privacy legislation would require entities handling intimate data to act as data guardians. That might mean they could not collect it in the first place. If a business has no legitimate reason to collect intimate data, or if the risk to intimate privacy outweighs the benefits of collection, then that data should not be collected. Under the limited circumstances when businesses could collect it, they would have duties of nondiscrimination and loyalty. Once intimate data is collected, it should be used, shared, and stored in ways that serve people’s best interests. Companies would not be permitted to handle intimate data to advantage themselves and to disadvantage us. Crucially, a civil right to intimate privacy would prohibit the sale of intimate data to third parties. Full stop, end of story. Businesses with which we have relationships—the sites we visit, the apps we use, the companies that sell us home devices—are our data guardians. They should not share or sell our intimate data to businesses with which we have no relationship. And they should not be able to ask us for permission to do so. Courts enforcing this legislation should be granted the power to order companies to halt the collection, use, or sharing of intimate data until they comply with the law. If businesses fail to heed these orders, then courts should be able to impose what I have described as a “data death penalty,” an order to permanently stop a business from handling intimate data.
I have been working with lawmakers to make these protections a reality. Recent bills proposed by Sen. Elizabeth Warren and Rep. Sara Jacobs reflect these commitments. The Health and Location Data Protection Act, introduced by Warren and cosponsored with Sens. Ron Wyden, Sheldon Whitehouse, Patty Murray, and Bernie Sanders, would ban data brokers from selling or transferring location or health data and require the FTC to promulgate rules to implement the law. It would empower the FTC, state attorneys general, and private individuals to sue to enforce provisions of the law and to seek injunctive relief to stop companies from selling intimate data. Jacobs’ My Body, My Data Act would minimize the extent to which companies could collect and retain reproductive health data, and prohibit such data from being disclosed or misused.
No doubt, companies will do everything that they can to defeat these proposals. They don’t want any friction between us and their data grabs and profits. I will try to convince these companies that these rules are not the end of the world—that indeed they are the beginning of a new compact for intimate privacy, one based on trust and a commitment to our civil rights. Smart privacy scholars and advocates argue that strong privacy rules benefit companies in the long run by naturally enhancing the trust that we as consumers place in our commercial transactions and relationships. As Ryan Calo astutely puts it, privacy and markets are a “love story.” Taking the long view, companies might reap financial benefits of earning people’s trust, like having loyal customers. But even if collection restrictions and sale prohibitions just reduce corporate profits with no benefit whatsoever to companies, a civil right to intimate privacy is more important. Companies must adhere to these rules for the good of all of us.
The Dobbs ruling should shake us from our complacency. We want, expect, and deserve privacy for our intimate lives, yet we do not have it. The privacy of our intimate lives is under assault, and we need to fight to get it back. We need legislation that makes clear that intimate privacy must be protected and prioritized rather than destroyed or ignored. We need a civil right to intimate privacy now.