European citizens, policymakers, and leaders have voiced anger that US prosecutors could demand access to personal information that should, in their view, remain private.
While Americans are narrowing abortion rights, Europeans are moving in the opposite direction. Since 2018, conservative Catholic countries such as Ireland have voted in favor of legalizing the procedure. Of the 27 European Union members, only Malta and Poland maintain restrictive laws. After the Supreme Court ruling, the European Parliament passed a resolution in favor of making the right to abortion part of the EU’s Code of Fundamental Rights, voting 324-155.
The split comes at a sensitive time in transatlantic digital relations. Data transfers across the Atlantic Ocean have been in jeopardy ever since 2020, when the European Court of Justice struck down a data transfer system known as Privacy Shield. US surveillance of EU data sent across the Atlantic violates Europe’s General Data Protection Regulation (GDPR), the European court ruled.
Both European and American leaders have prioritized resolving the impasse. In March, EU Commission President Ursula von der Leyen and US President Joe Biden announced a political agreement on ‘Privacy Shield 2.0’. Details remain to be filled in. The White House is expected to publish an Executive Order outlining its compliance plans within weeks.
But since the Supreme Court ruling, Europeans have become concerned that US law enforcement will demand access to data to prosecute those seeking abortions. US data brokers already make money aggregating large swathes of data and reselling it. The Federal government has acquired consumer data to bypass obtaining warrants and a reporter recently purchased a list of people who visited Planned Parenthood, a healthcare provider that can conduct abortions, for $160. “While the right to privacy is enshrined as a fundamental human right in Europe, it is not in the United States,” says Mary Ziegler, the Stearns Weaver Miller Professor of Law at Florida State University College of Law.
“Location data is the biggest issue,” noted Jake Laperruque, Deputy Director of the Security and Surveillance Project at the Center for Democracy and Technology. Individuals could claim that they stopped using a period tracker app, but it’s hard to deny phone data showing visits to an abortion clinic and US courts already have accepted such evidence. Location data is much stronger than period tracker or other signs “to prove an abortion,” Ziegler maintains.
Tech companies are squeezed. In a blog post, Google said it will automatically delete location history of locations deemed “personal.” Examples include domestic violence shelters, abortion clinics, and addiction treatment facilities. Police warrants for such data have increased drastically since 2018, representing 25% of all warrants received in 2020, according to Google.
Other tech companies are following suit. Placer.ai and Safegraph, which previously sold information on individuals who visited Planned Parenthoods, have agreed to stop selling abortion data.
For transatlantic relations, the imminent danger centers on the new Privacy Shield. Europe’s GDPR provides strict protections for ‘sensitive data,’ including location “If US government agencies are able to bypass those commitments, that loss of privacy will have implications,” says Eduardo Ustaran, a partner at Hogan Lovells International LLP based in London.
European companies in the US could be subject to warrants to hand over data. Requests for location, health, and other sensitive data by law enforcement “would be regarded as a very severe infringement of the Privacy Shield principles,” Ustaran warns.
Despite the danger, the abortion debate still may not torpedo the construction of a Privacy Shield 2.0. In both Washington and Brussels, leaders want a deal, seeing it as a concrete move to improve relations from their turmoil with the Trump Administration and to keep a common front against Russian aggression in Ukraine. “There is a strong determination to fix the Privacy Shield” on both sides of the Atlantic, making it unlikely these concerns will dismantle the effort altogether,” predicts Ivana Bartoletti, Global Chief Privacy Officer at the Indian tech company Wipro.
Yet, any renewed Privacy Shield will be fragile, subject to a new negative ruling by the European Court of Justice. The split over abortion could sway some European justices about the danger of allowing European personal data to be transferred across the ocean. “Some form of legal challenge is inevitable,” law firm Herbert Smith Freehills LLP concluded in a recent analysis.
Potential reforms in Washington could head off this danger. A bipartisan group of Senators recently proposed Fourth Amendment Is Not For Sale Act that would close the data broker loophole. A broad US Federal Privacy law would reassure Europeans. But given the difficulty of passing legislation in the divided US Congress, such a new piece of legislation looks unlikely.
Before the Supreme Court ruling, analysts say the US and Europe seemed to be moving in the same direction to expand privacy protections. Analysts now believe that momentum has been broken. A “global understanding of the right to privacy has been driving that convergence,” says Ustaran. This fight over abortion threatens to “destroy the work of many years.”
Grace Endrud and Daniel Hayes are interns at CEPA’s Digital Innovation Initiative. Bill Echikson edits Bandwidth.
Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.
