To protect personal information from companies that sell data, some individuals are relying on...
One of the ways courts could find people to prosecute is to use the data that our phones produce every day.
Most people carry one at all times, automatically registering their daily activities through Internet searches, browsing, location data, payment history, phone records, chat apps, contact lists and calendars.
"A little-known treasure trove of information about Americans is held by data brokers, who sell their digital dossiers about people to whoever will pay their fee," explains Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory.
"Law enforcement agencies have used data brokers to do an end run around the Fourth Amendment's warrant requirement. They just buy the information they'd otherwise need a warrant to get."
Geofence and other location data can easily reveal who has visited a clinic that provides abortion care.
Greer's worry is not merely theoretical: Vice's online tech news outlet Motherboard recently reported two cases of location data brokers selling or freely sharing information about people who had visited abortion clinics, including where they traveled before and after these visits.
Such information can be even more revealing when combined with health data.
Despite the fact that these data are about personal health, they are not protected by the Health Insurance Portability and Accountability Act of 1996, which protects health information from being shared without a patient's consent.
Ultimately, the vulnerability of users' phone data depends on the choices made by the companies that develop the software and apps they use.
When contacted with a request for comment, a representative of the period-tracking app Clue responded, "Keeping Clue users' sensitive data safe is fundamental to our mission of self-empowerment, and it is fundamental to our business model, too-because that depends on earning our community's trust. In addition, as a European company, Clue is obligated under European law to apply special protections to our users' reproductive health data. We will not disclose it." In the U.S. many companies are not subject to GDPR's requirements-and plenty of them take advantage of their free rein to sell data on to third parties.