BUSINESSLATEST

Va. Republicans shelve bill to protect menstrual data from search warrants

Despite passing the Senate in a bipartisan vote, the bill was defeated in a House subcommittee after an official from Republican Gov. Glenn Youngkin’s administration voiced their opposition to it.

By Julianne McShane

Virginia Republicans this week voted to shelve a bill that would have prohibited authorities from using a search warrant to seize menstrual data stored on a computer or other electronic devices.

Advocates of the bill say the outcome could make Virginians’ private menstrual data susceptible to surveillance, and that it could put people in the state at risk of prosecution if they seek or obtain abortions in the post-Roe v. Wade era.

Despite passing the Senate in a bipartisan vote 31-9 earlier this month, the bill was defeated 5-3 in a House subcommittee after Republican Gov. Glenn Youngkin’s administration voiced their opposition to it.

Deputy Secretary of Public Safety and Homeland Security Maggie Cleary on Monday told the Courts of Justice subcommittee tasked with reviewing the bill that the administration believes “any health information or any app information” should continue to be available via search warrant, adding that the bill appeared to pose the first statewide limit for what information could be subject to a search warrant, according to NBC affiliate WWBT of Richmond.

The legislator who introduced the bill, Democratic state senator Barbara Favola, replied that “there’s very little information that is as personal and private as your menstrual data,” WWBT reported.

The subcommittee’s Republicans nevertheless voted to “table,” or shelve, the bill, with all three Democrats voting against doing so. The motion would require that the committee vote to re-consider the bill before taking it up again this session; it could also be re-introduced next session.

Advocates fear surveillance, criminalization

Advocates of the bill condemned the vote.

“There is no reason to need access to people’s personal menstrual data other than to surveil & criminalize them for pregnancy outcomes,” tweeted REPRO Rising Virginia, a nonprofit abortion rights organization.

Democratic Party of Virginia spokesperson Liam Watson called the Youngkin administration’s opposition of the bill “a dangerous step.”

“It is exceptionally disquieting to see Governor Youngkin oppose a bill that would protect women from having their private health data weaponized against them in a court of law,” Watson said in a statement.

In a statement Monday, Youngkin spokeswoman Macaulay Porter told the Virginia Mercury that Democrats were “deliberately distorting the problems with this bill to distract Virginians” from a vote they took to block a bill Youngkin supported that would’ve allowed drug dealers to be prosecuted for felony homicide if they supplied drugs that led someone to die of an overdose.

The Youngkin administration’s opposition to the bill comes after Virginia Senate Democrats defeated several bills that sought to restrict abortion access, including a proposal for a 15-week abortion ban backed by Youngkin, who is rumored to be considering a presidential run. (Abortion is currently legal in Virginia up until the third trimester, at which point an abortion can only be secured if multiple physicians determine the patient’s physical or mental health is at risk.)

Favola told CBS affiliate WUSA of Washington, D.C. that she was inspired to write the search warrant bill following the Supreme Court’s overruling of Roe v. Wade, adding that she “felt I needed to take steps to ensure that information that women may be using cannot be used against them or to criminalize their behavior.”

The defeat of the search warrant bill also came just days after Florida officials ruled that schools would no longer ask student-athletes to share their menstrual histories in order to play high school sports, a proposal that sparked controversy after the Palm Beach County School District announced student-athletes would be able to share that information on a digital form, which could be subject to subpoenas.

Vulnerabilities of menstrual tracking apps

About 30% of women report tracking their fertility or menstrual cycles on the Internet or on phone apps at least occasionally, according to a 2019 Kaiser Family Foundation report.

Last July, the White House warned that people should be “really careful” about tracking menstruation on apps, Reuters reported.

The Department of Health and Human Services also issued guidance last year on how people can increase the privacy of health information they store on their phones — including by turning off location sharing and tracking activity across apps.

That guidance also notes that Health Insurance Portability and Accountability Act rules — which protect the privacy of health information managed by certain entities, including healthcare providers — generally do not protect health information stored on personal phones or tablets.

Marielle Gross, an academic who has studied the ethics of menstrual tracking apps, said the defeat of the Virginia bill emphasizes the extent to which personal health information stored on such apps could make users vulnerable — particularly in light of increasing abortion restrictions.

She likened the apps to a “snake oil salesman parading as healthcare.”

“The business model is about exploitation, and without any regulatory oversight” like the kind that doctors are subject to, said Gross, an assistant professor at Johns Hopkins’ Berman Institute of Bioethics and the University of Pittsburgh’s Center for Bioethics and Health Law.

Menstrual tracking apps have a history of coming under fire for how they use the data they store. In 2021, the Federal Trade Commission announced that it filed a complaint against Flo, a popular period- and pregnancy-tracking app, alleging that it shared millions of users’ data with third party companies including Google and Facebook, even while promising users their data would stay private.

Six months later, the FTC announced it had settled with Flo and that the app would be forced to notify affected users their information had been shared and instruct the third parties to destroy that data, among other stipulations.