Proposed Washington law puts period-tracking apps on notice • The Register

A bill proposed by Washington state lawmakers would make it illegal for period-tracking apps, Google or any other website to sell consumers’ health data while also making it harder for them to collect and share this personal information.

Washington Representative Vandana Slatter, a Democrat, introduced House Bill 1155. [PDF], the My Health, My Data Act, in response to the US Supreme Court ruling last year to overturn Roe v. Wade, which removed constitutional rights to abortion. Since then, a dozen states have banned the procedure.

“It’s long overdue that we have increased data protections for our most sensitive health data, and it’s taken on an increased urgency in a post-Dobbs world,” Slatter told The Register, “This information, if it’s bought or sold, can do real harm.”

“Many people think their health data is protected under HIPAA,” Slatter continued, referring to America’s Health Insurance Portability and Accountability Act.

But HIPAA’s privacy protections do not extend to information collected by medical apps, tech giants or even so-called pregnancy crisis centers set up by anti-abortion groups.

This data can be shared or sold, and post-Roe it can be used to prosecute women seeking abortions or doctors providing the procedure or to discriminate against people looking for information about gender-affirming healthcare.

“Think about period-tracking apps that can sell information about a woman’s missed or late period,” Slatter said. “Or a pregnancy crisis center that someone visits and then learns they can’t receive an abortion, but their information can be sold to anti-abortion groups. Or digital advertising firms that set up geofencing around healthcare facilities. This bill is about closing the gap on health data privacy protections from the technological side of it.”

In addition to blocking websites and apps from collecting and sharing private health information without written permission, the bill would also ban the use of geofences – using a mobile device’s location to send unsolicited messages and ads to people at health facilities.

Plus, it would require companies that collect personal health data to create, maintain and publish a privacy policy.

The proposal also gives Washington consumers greater transparency into who and what is collecting their health data.

It makes opting into data collection more intentional on the consumer’s part – and more difficult for the website – by requiring “voluntary, specific, and unambiguous written consent.” A consumer cannot give consent by simply agreeing to broad terms of use or by a website using deceptive designs, according to the draft bill.

Additionally, the bill would give consumers the right to withdraw consent at any time, demand that websites and apps delete their health data, and get prompt answers about whether the business is collecting or sharing this type of private information and with whom.

The House bill has a companion bill in the state’s Senate.

“With the significant growth in the use of tracking apps, online chats, social media and search engines for accessing healthcare information, advice and research, these protections for sensitive health data are long overdue,” said Sen. Manka Dhingra, the sponsor of the companion bill, in a statement.

Washington is one of the states that expanded access to abortions after the Supreme Court overturned Roe. This, according to the lawmakers, makes the proposed law even more important.

Slatter said she felt compelled to do something after looking at the Guttmacher Institute’s statistics.

“They are saying around a 389 percent increase in the number of women who would be accessing reproductive healthcare in Washington from outside the state,” she said. “That could be hundreds of thousands of women and people who are coming from other states. From the standpoint of health data, we want to say if you come to Washington state, you are protected and your health data is not for sale.”

Leave a Comment