Your Body Is Undermining Your Privacy Rights

Understand yourself. It’s an ancient saying that gains new significance in our digital era. Nowadays, you can purchase smart devices that track your heart rate, blood pressure, exercise routines, hydration levels, sleep patterns, mood fluctuations, menstrual cycles, sexual activity, and even bowel movements. The internet of things has evolved into what academic and author Andrea Matwyshyn refers to as the “Internet of Bodies,” promising insights into your “quantified self.”

The quest for self-knowledge isn’t new, but this data offers a fresh angle on awareness. Millions of Americans own smartwatches that remind them to stand, breathe, and walk a little more to hit their daily fitness targets. This beneficial (and health-conscious) algorithmic nudge operates only because your smart device is monitoring your physical activity. It literally knows you’re breathing, which could be useful for authorities if you stop. The information we generate—from step counts to DNA—is increasingly under scrutiny.

Not all of this monitoring is seen as intrusive. Many healthcare professionals have adopted digital tracking to support their patients. Smart pacemakers gauge heart rates. Digital pills log when someone last took their medication. Smart bandages can alert you to early signs of infection. These advancements hold the potential to enhance medical outcomes by connecting data from our bodies to our digital health records. They depend on tiny sensors that can be embedded in watches or installed in medical devices, enabling you to track your vital signs or monitor loved ones with health concerns.

However, there are risks associated with making medical data so accessible. Digital pills could alert your doctor (or parole officer) that you’ve stopped your psychiatric medication; the first such pill approved by the FDA is designed for treating schizophrenia and related mental health conditions. Besides assisting with your marathon training, your smartwatch’s data can reveal instances of drug use or sexual activity.

The recent laws restricting abortion heighten the implications for collecting this type of information. Nearly a third of women use period tracking apps to oversee their reproductive health. Many of these applications—like Flo, used by 48 million women—gather data on the user’s mood, body temperature, symptoms, ovulation, sexual partners, and geographic location. Even if a user doesn’t log the results of their pregnancy test, a missed period coupled with several weeks of recorded nausea would strongly indicate their condition. In states with restricted abortion access, this data could be used as evidence against someone.

In states where abortion is still legal, reproductive health information might be sold to marketers. In 2023, the Federal Trade Commission penalized the “femtech” company Premom for selling data to third parties, including Google and organizations in China. Similar to Flo, which also faced FTC scrutiny, Premom failed to disclose that it was sharing personal data—which, in its case, encompassed details regarding “sexual and reproductive health, parental status, and other physical health information.”

Some femtech companies have attempted to safeguard personal data by minimizing the amount they gather and storing it locally on devices, not logging IP addresses, or offering an anonymous mode. However, both companies and users remain vulnerable to court orders. U.S. companies must comply with U.S. laws, and when a state criminalizes abortion, data potentially evidencing an abortion becomes subject to warrants by investigative agents. The only way to prevent data turnover is by not collecting it, which poses a challenge for businesses that rely on data collection.

The growth of mental health apps and online therapy has unveiled another aspect of self-surveillance. The online therapy platform BetterHelp boasts over 2 million users accessing its virtual mental health services. Users can register and answer questions about their mental health challenges (like issues with depression or medication), receiving connections, advice, and support in return. However, the company has been known to sell your personal data to Facebook and other targeted advertising agencies—until 2022, when the FTC intervened, leading to a complaint against BetterHelp and its subsidiaries and ultimately imposing fines of $7.8 million.