In Light of Focus on Pregnancy and Period Tracking, Gov. Whitmer Reminds Michiganders to Monitor Data Privacy

May1, 2024

Contact: [email protected]

In Light of Focus on Pregnancy and Period Tracking, Gov. Whitmer Reminds Michiganders to Monitor Data Privacy

As the ongoing assault on reproductive freedom broadens to digital world, Governor and Attorney General urge stronger data, consumer protections

LANSING, Mich. - Amid a national conversation on pregnancy and period tracking, Governor Gretchen Whitmer reminded Michiganders to check their health apps and be mindful of any data that is shared with app developers and third parties. She also urged residents, particularly those attending college out of state in places that restrict access to abortion, to check Attorney General Dana Nessel's consumer alerts on private health and location data.

"Every Michigander deserves privacy and control over their own health information," said Governor Whitmer. "With so much sensitive information online about our health, habits, and lives, we need to stay vigilant about bad actors trying to get their hands on it. Without adequate protections, our data could be used to go after women seeking reproductive health care, their friends and family, and to prosecute nurses and doctors for doing their jobs. Here in Michigan, we are going to protect people's data and their reproductive freedom. I urge Michiganders to check their health apps, especially if they live in a state with restrictions on abortion and contraception."

"Protecting a person's rights to bodily autonomy and privacy in their medical decisions go hand in hand," said Attorney General Nessel. "While Michiganders overwhelmingly supported reproductive freedom in 2022, the outlook nationally following the fall of Roe remains largely unknown. That is why even here in Michigan, it's critical that residents read the fine print in the user agreements for applications and programs pertaining to their private health information. Oftentimes, registration through these platforms gives companies the right to sell personal information to other companies and organizations, regardless of where they are located, which can then make it available to whoever wants to pay to obtain it."

Protecting Your Data

The Protecting Private Health and Location Data Consumer Alert is available on the Department of Attorney General's Consumer Protection page.

Here are some additional tips from the Federal Trade Commission on how to protect personal data:

1. Compare options on privacy. When considering a health app, ask some key questions:

• Why does the app collect information?
• How does the app share that information - and with whom?
• Then choose the app with the level of privacy preferred.

2. Take control of personal information.

• Do app settings let the user control the health information the app collects and shares?
• Is the app up to date?

3. Know the risks.

• Are the app's services worth risking personal information getting into the wrong hands

4. Report concerns. Do you think a health app shared personal information without permission?

• Tell the FTC online
• File a complaint with the Michigan Department of Attorney General

For more information, see additional guidance from the U.S. Department of Health and Human Services.

Data Privacy Letter

In August 2022, the Governor sent a letter calling on Apple, Alphabet, Amazon, Meta, and Microsoft to bolster their efforts to protect personal data. As reproductive freedom is under attack and extremists seek to use location and health data to go after women, nurses, and doctors, the governor called on big tech to do more to protect their fundamental right to privacy and bodily autonomy.

Her letter asked them to do the following:

1. Provide users with clearer mechanisms to opt out of data retention and sharing for sensitive health information, including any sale of such data to third parties. These mechanisms should be paired with additional steps to protect user data, such as automatically deleting such data after a set period of time.

2. User information should be provided to law enforcement only in response to requests that conform to the relevant law. Whenever legally possible, companies must notify users when law enforcement make a request for their communications or personal information.

3. Companies must make information publicly available about requests they receive for sensitive health data and other information that could be used to prosecute women for seeking health care. They must publish and regularly update information about all such requests received for user communications or information concerning reproductive health or other health matters, including search histories.