As states across the country introduce bills that would restrict gender-affirming care for trans youths and limit access to abortion services, lawmakers in California and other Democratic states are moving to turn their regions into what some are referring to as “data sanctuaries,” which protect the private information of people traveling out of state for care.
This week, California’s legislature passed SB 107, a bill that would prohibit health care providers, law enforcement and courts in California from aiding in another state’s investigation related to a minor receiving gender-affirming care in California. That bill is now headed to Gov. Gavin Newsom’s desk. A separate bill introduced by assemblymember Mia Bonta, which was also passed by the legislature, would shield people who traveled to California for abortion services from having their medical records shared with states and third parties looking to enforce out-of-state abortion bans.
Through these bills, California lawmakers are hoping to do for trans and reproductive rights what other sanctuary city and state policies have done for immigrant rights. The legislation could help cut off at least some of the digital trails that civil liberties and privacy advocates fear could be used against trans youths and people seeking abortions.
“What is happening now is there are a series of red states — Texas, Alabama, others — that are trying to criminalize parents for allowing their trans children to receive gender-affirming care,” state Sen. Scott Wiener, who co-sponsored SB 107, told Protocol. “This bill is a response to those vile laws.”
Recent laws in states such as Arkansas have attempted to ban gender-affirming health care for minors, and in Texas, Gov. Greg Abbott has issued an order calling on the public to report parents who allow their children to receive gender-affirming care. The Supreme Court’s overturn of Roe v. Wade has also unleashed a flood of restrictive abortion laws across the country.
Residents in those states now have to look to nearby states where abortion and trans rights are protected to gain access to care. But without protections, the data they leave behind could be used to prosecute them when they return home.
“We know that parents are crossing borders with their kids. It is, I think, only a matter of time until the anti-trans investigators are looking into the movement of kids over state lines and turning to data that is in the pro-trans states,” said Adam Schwartz, a senior lawyer at Electronic Frontier Foundation, who recently wrote in support of more states becoming data sanctuaries for trans kids.
According to a March 2022 report by the Williams Institute at UCLA School of Law, “more than 58,000 transgender youth and young adults across 15 states are in jeopardy of losing access to gender-affirming care.”
SB 107 would make it a lot harder for other states to investigate instances of minors receiving gender-affirming care in California. It would prohibit compliance with out-of-state subpoenas that seek data to enforce state laws banning gender-affirming care of minors. It would also prohibit law enforcement from cooperating with the enforcement of out-of-state laws that prohibit this kind of care.
Since the bill was introduced, 19 other states have proposed similar so-called “trans refuge state” bills, according to Wiener’s office.
While federal laws such as HIPAA do protect the handling and disclosure of sensitive health information, not all local officials are covered under that regulation, and some aspects of a person’s information — such as the license plates of the car they drove to a clinic — are not protected and could be obtained with a subpoena or warrant.
The California bills are intended to have a similar effect as those enacted by Democrat-led cities and states to protect undocumented immigrants in the past. According to a 2020 study, those sanctuary policies have been effective at “reducing deportations of people with no criminal convictions by half — without affecting deportations of people with violent convictions.”
Of course, there are other ways that anti-trans states could go about getting the data they are seeking without implicating the California law enforcement agencies, courts or health care providers targeted in the bill. Data brokers sell sensitive data readily. Meanwhile, platforms such as Facebook could always share data voluntarily when asked, though Facebook’s stated policies generally suggest it would only do so in response to a law enforcement request or in emergency situations.
Still, supporters of the bill including Wiener concede this is something of a loophole, and are willing to see amendments. “If Apple or Facebook or anyone else thinks that we need to make any tweaks to it to make it more expansive, we are happy to have that conversation,” Wiener said.
Since the Supreme Court overturned Roe v. Wade, reproductive rights groups have also called on tech companies to do more to protect the data of people seeking abortions. Recently, authorities in Nebraska have used private Facebook messages to prosecute a mother and daughter in connection with an abortion. (Facebook said the law enforcement request for the data made no mention of abortion.)
For Schwartz, shielding information held by social media companies would be a crucial next step toward greater data protection. “There is a lot of hard work to be done to figure out how to be a data sanctuary,” Schwartz said. “There are a million cracks in the dike, and people are just beginning to figure out how to fill them.”
