With the overturning of Roe v Wade and in the absence of federal data protection and privacy legislation in the United States, company data practices can be either a first line of defense or a single point of failure in people’s ability to realize their privacy and reproductive rights amid an increasing number of repressive and retrogressive state laws. New state laws seek to criminalize a person’s right to decide whether, how, and when to seek an abortion or other contested procedures. One way in which law enforcement agencies in these states are pursuing prosecution involves making data demands to companies that may provide services to people seeking such health care, including pharmacies, box stores that sell maternity goods, providers of anti-abortion medication, hotels near abortion and other clinics where people seek accommodations when they cannot get the health care they need at home, and the data brokers that provide data profiling for targeted advertising and law enforcement purposes.

Unfortunately, current privacy laws provide limited protection: HIPAA generally does not protect health data beyond a doctor’s office or insurance company. Further, the U.S. has no comprehensive federal privacy law protecting data outside of the HIPAA context. In a post-Roe world with a digitized economy and few privacy protections, companies are likely to over-collect and share data that is indicative of people’s health conditions and reproductive choice, potentially resulting in severe harm.

Federal legislative solutions hold little promise for progress given the divisiveness of this issue. Even if with a presidential administration that prioritizes upholding reproductive rights, pregnant people seeking abortions in states with retrogressive laws will still be under threat. Moreover, companies will still have an incentive to collect and monetize as much data as possible. Against this backdrop, it becomes imperative to leverage other strategies, including finance-focused strategies such as shareholder engagement, to advocate for rights-protecting policies and data practices at the companies that hold data that could be used to prosecute people under regressive state laws.

Given the growing threat of prosecution for seeking an abortion and these barriers to broader policy change, we aim to convince companies to adopt policies that align their data collection, processing, and retention practices with data minimization principles. If companies do not hold data that can be used by state prosecutors, people’s health privacy will be better protected overall. In turn, pregnant people and their trusted partners, family members, friends, and heath-care providers will be able to exercise their rights without fear of prosecution or other undue interference in their private lives.

Open MIC seeks to leverage investor interest on this issue and raise awareness among companies of how their data practices may facilitate threats of prosecution of people seeking health care. The campaign urges companies to adopt data minimization policies and practices that will help mitigate those threats.

By pushing companies to adopt more robust data minimization policies and practices, including providing law enforcement transparency, we reduce the threat of prosecution for people seeking reproductive and other types of contested health care, while also increasing trust in the company and reducing the potential for damaging data breaches or reputational harm that could come from becoming embroiled in an abortion controversy.