EFF reproductive health data and surveillance campaign (2022–ongoing)

The Electronic Frontier Foundation (EFF)'s campaign to protect reproductive health data from surveillance began with pre-emptive analysis before the Supreme Court's ruling and intensified the moment the decision landed. On June 24, 2022, the day the Court issued Dobbs v. Jackson Women's Health Organization, EFF published a campaign statement framing the new threat landscape: individuals "seeking, offering, or facilitating abortion access must now assume that any data they provide online or offline could be sought by law enforcement." Where reproductive healthcare had previously been legally protected, the data trails of abortion seekers — location pings from mobile phones, search queries, text messages, app behavioral signals, and electronic health records — could now be subpoenaed as criminal evidence in states where abortion had become a crime. EFF's response was a sustained multi-track campaign combining direct public education, state and federal legislative advocacy, corporate accountability pressure, and First Amendment challenges to platform censorship.

The digital surveillance threat model

The surveillance threat EFF identified centres on the data broker ecosystem — companies that buy mobile device location telemetry from app publishers and resell inferred profiles to law enforcement, anti-abortion advocacy organisations, and private investigators. In a May 2022 analysis written before the Dobbs decision, EFF documented that data broker SafeGraph had already been selling location information showing visits to Planned Parenthood facilities, including the origin and destination addresses of device holders — data whose inference engine maps raw GPS coordinates to clinic entries and exit trajectories using algorithmic pattern recognition. When EFF documented the congressional probe in July 2022, five brokers — Babel Street, Digital Envoy, Gravy Analytics, SafeGraph, and Placer.ai — were placed under formal congressional inquiry for their role in converting mobile telemetry into actionable profiles of clinic visitors.

Beyond location data, the campaign identified several additional surveillance surfaces: period-tracking app data revealing menstrual cycles and pregnancy status; search engine query histories showing abortion-related searches; social media content; text messages and encrypted messaging metadata; electronic health records traversing state lines; and digital payment records for abortion services. Law enforcement access to any of these streams, individually or in combination, can reconstruct an abortion seeker's complete movement and communication pattern — constituting what EFF called "digital dragnets." The campaign frames this as an algorithmic accountability issue: the harm is not only that data exists, but that machine-inference pipelines operated by unregulated commercial actors convert that data into actionable intelligence against people whose healthcare decisions are now criminalized.

Surveillance Self-Defense and direct public education

EFF's most immediate public-facing response was a digital security guide for abortion seekers published on June 24, 2022, and a dedicated Surveillance Self-Defense playlist tailored to three distinct threat models: patients seeking reproductive healthcare, clinic staff and healthcare providers, and abortion access advocates and activists. The playlist structure — differentiating by role rather than by topic — reflected EFF's recognition that the technical threat model differs for a patient (primarily exposed through her own devices and search history), a clinic administrator (exposed through facility networks, payment systems, and provider communications), and an activist (exposed through network associations and organizational metadata). The guides provide operational security recommendations including encrypted messaging applications, location service controls, private browsing, and device encryption, alongside explanations of which data law enforcement can obtain through various legal mechanisms (subpoena, warrant, geofence warrant, data broker purchase without legal process).

Stop Censoring Abortion

A parallel campaign track — the "Stop Censoring Abortion" blog series — documented platform suppression of abortion-related content, including account suspensions and algorithmic downranking of posts by reproductive health providers and advocates. EFF challenged this as a First Amendment and platform-power problem distinct from but related to the surveillance threat: platforms were restricting abortion speech without any legal requirement to do so, effectively amplifying the chilling effect that Dobbs created at law. The campaign pressed companies to distinguish between content the law actually required them to remove and content they were suppressing on their own initiative in response to political pressure.

State legislation: California data sanctuary wins

EFF supported and celebrated California's passage of three data sanctuary laws signed by Governor Newsom on September 27, 2022. A.B. 2091 (authored by Assemblymember Mia Bonta) prohibits California healthcare providers from disclosing abortion-related medical records to law enforcement acting under out-of-state law and blocks California courts from issuing subpoenas for such information in out-of-state cases. A.B. 1242 (Assemblymember Rebecca Bauer-Kahan) restricts use of digital surveillance tools — wiretapping, pen registers, warrants — in investigations of abortions that are lawful in California, and prohibits technology companies from complying with out-of-state warrants or legal demands concerning such procedures. S.B. 107 (Sen. Scott Wiener) extends parallel protections to parents who allow transgender youth to receive gender-affirming healthcare in California. EFF characterised all three as "strong protections" and called on other states to enact comparable legislation. The California wins established a legislative template that the campaign treated as a model for sanctuary-state protections nationally.

Federal legislation: the "My Body, My Data" Act

At the federal level, EFF backed Rep. Sara Jacobs's "My Body, My Data" bill, which the campaign identified as the appropriate structural answer to the data broker ecosystem. As documented in EFF's July 2022 coverage, the bill was authored by Jacobs and simultaneously provided the frame for the congressional investigation of data brokers that she co-led with House Oversight Committee chair Rep. Carolyn Maloney and Consumer Policy Subcommittee chair Rep. Raja Krishnamoorthi, who sent inquiry letters to five location data brokers in July 2022. The bill would limit business collection and sharing of reproductive and sexual health data, impose data minimisation and retention limits, and establish deletion rights — applying the same accountability demands to the data layer that EFF's state-level advocacy applied to law enforcement cooperation. The reintroduced bill in the 118th Congress retained EFF's endorsement and the data-minimisation structure of the original. As of mid-2026 it had not passed the Senate.

Data broker accountability outcomes

The campaign's data broker pressure track produced measurable regulatory outcomes. The FTC filed suit against Kochava in 2022, alleging that the location data broker's practices violated federal unfair business practices bans — with the FTC specifically naming the ability to identify devices visiting abortion clinics and trace them to residential addresses. In January 2024, the FTC issued an order barring X-Mode (subsequently renamed Outlogic) from selling sensitive location data near healthcare facilities, directly applying the reproductive-health-data accountability frame EFF and congressional allies had been pressing since the Dobbs decision. In February 2024, Sen. Ron Wyden's investigation — building on EFF's research base — publicly exposed data brokers actively selling location data to anti-abortion advocacy organisations that used it to target individuals identified as having visited abortion clinics. In late 2023, Google committed to modifying how it stores user location history to prevent geofence warrant abuses — a reform EFF had advocated directly to the company as part of the campaign's corporate track.

Significance

This campaign occupies a distinctive position in the corpus's US digital-rights coverage on two counts. First, it is the clearest example in the corpus of an algorithmic-accountability campaign anchored in reproductive justice rather than in labour, criminal justice, or immigration — establishing that the data broker surveillance threat is not sector-specific but cuts across any domain where algorithmic inference from behavioral data can be weaponized by enforcement. EFF explicitly frames the campaigns against Babel Street, Gravy Analytics, SafeGraph, and similar actors not as privacy-concern-in-the-abstract but as accountability for the machine-inference pipelines these companies operate: the harm is the algorithm's ability to transform location telemetry into health-status inferences that no patient consented to disclose. Second, the campaign is notable for its early and clear identification of the cross-state data flow problem — the structural question of whether data generated under one legal regime (California, where abortion is legal) can be lawfully subpoenaed to enforce another regime (Texas, where it is not). That cross-state-data-flow question connects this campaign to the broader EDRi-pattern of jurisdictional-arbitrage challenges visible in the European context, and distinguishes EFF's approach from campaigns focused purely on prohibiting specific surveillance tools rather than the enforcement architecture they support.