Jon Bigelow, Coalition for Healthcare Communication

Abortion debate complicates the data privacy issue

By Jon Bigelow

Federal regulation of data privacy and security has been on the back burner for the past two years, but key members of Congress have been working behind the scenes to frame bipartisan legislation and the Federal Trade Commission (FTC) is gearing up. Now, the Supreme Court’s decision overturning Roe v. Wade may put this issue front and center in Congress after the midterms. Here’s a quick take on what to watch for.

The situation pre-pandemic

This is the Age of Big Data, benefiting all of us as consumers and as healthcare communications professionals, yet it is also the Age of Data Vulnerability. Concern about security breaches, misuse of personal data, and ever-more invasive collection of data has been growing for years. New technological developments (the metaverse), applications (contact tracing for COVID-19), or trends (widespread use of facial recognition) raise the stakes. 

As citizens, we would all benefit from having stronger and simpler rules in place. As an industry, we would benefit by having data regulation at the federal level, rather than coping with different rules in different states.

A bipartisan bill seemed to be coming together in 2019 and early 2020, spearheaded by Sens. Roger Wicker (R-Miss.) and Maria Cantwell (D-Wash.). At the time, they were chair and ranking member, respectively, of the Senate Commerce Committee; they swapped positions when the Democrats took control of the Senate in 2021.

Their approach attempted to go beyond the opt-in/opt-out emphasis of the European Union’s General Data Protection Regulation or the California Consumer Privacy Act (CCPA), which leave the burden on consumers to know when and how to opt in or opt out. Their draft bills would have set some guardrails to reduce the need for consumers to monitor every use of their data and to parse all the legal “terms and conditions,” and would have established a unit within the FTC to enforce the regulations and to keep pace with emerging issues as technology evolves. The bill was stalled by two disputes: whether to pre-empt all state privacy laws (as Republicans wanted), and whether to reserve enforcement to the federal and state governments (as Republicans preferred), or allow consumers to sue if they felt their data rights were violated (as Democrats wanted).

When the pandemic gripped the country in March 2020, national attention turned to other issues, and all momentum on passing federal data privacy legislation was lost.

What’s new?

At least three factors have changed since May. First, the FTC – the regulatory agency tasked with enforcing data privacy protections – is now poised to act. Since taking office in 2021, FTC Chair Lina Khan has made clear her intention to take a more aggressive stance against big tech companies on both antitrust issues and data privacy, but she had been stymied by the lack of a majority on the board. 

That stalemate was broken in May when Alvaro Bedoya – founding director of Georgetown Law School’s Center on Privacy and Technology – was confirmed by the Senate, bringing deeper understanding of data issues to the board and giving Khan a majority on most issues. The FTC is expected to take a tougher look at use of artificial intelligence, facial recognition, and health apps and wearables.

Second, some members of Congress have continued to work on privacy proposals behind the scenes. For example, in June a discussion draft of new legislation was introduced jointly by Wicker along with Frank Pallone (D-N.J.) and Cathy McMorris Rodgers (R-Wash.), respectively the Chair and Ranking Member of the House Energy and Commerce Committee. It would establish objective boundaries around use of personal data, require covered entities to minimize the data they collect, set rules on how data is processed, require that consumers be allowed to turn off targeted advertising, and provide enhanced protections for children and adolescents.

Crucially, they offered a compromise solution to the two earlier stumbling blocks. Their proposal would preempt most state privacy laws, although permitting a handful of provisions from the CCPA to stand. And it would allow a “private right of action” (that is, consumers can sue), but only beginning four years after the bill goes into effect (which presumably allows time for the FTC to stand up its enforcement mechanisms).

Third, the Supreme Court’s late June decision overturning Roe v. Wade has refocused attention on the importance of data privacy. Both advocates and foes of abortion rights have come to realize that a vast amount of personal data can be weaponized as states seek to prosecute women and their healthcare providers for seeking or providing abortions. 

Wearable devices help women track menstrual cycles, text messages may show conversations about considering crossing state lines to seek abortion services, GPS information on smartphones reveals locations traveled to – and there are fears that, depending on how states craft their legislation, law officers can access this data. 

Where this could go

The Wicker-Pallone-Rodgers bill is notable because it has the support of leaders from both parties (although Cantwell has not yet endorsed it). Hearings have begun, lobbyists are raising objections, and amendments will be proposed. Realistically, I see no way a bill this important, far-reaching, and complex could go from proposal to law in the remaining time of this Congressional session. 

But the effort reflects that the two parties are within reach of a workable compromise on data privacy. That’s important, given the high probability that control of Congress will be split between the two parties after the midterms.

The flip side of the coin, sadly, is that to the extent data privacy regulation becomes embroiled in one of our hottest culture-war issues, new political pressures may reduce the interest in bipartisan agreement. And it makes it likely that whatever data privacy regulations are passed, there will be legal challenges in the context of anti-abortion laws. 

So, expect to hear a lot more about federal data privacy regulation in 2023 – and also expect the Coalition for Healthcare Communication to be watching carefully on the industry’s behalf.

Jon Bigelow is executive director, Coalition for Healthcare Communication