At Clue, we strongly believe that the very personal decision to end a pregnancy should be made in the context of legal, regulated healthcare, without shame or fear of prosecution. Given the increasing criminalization of abortion in the US, we understand that many of our American users are worried that their tracked data could be used against them by US prosecutors. It is important to understand that European law protects our community’s sensitive health data.
Our mission has always been to empower people to know their bodies, through all stages of life, and whatever their reproductive decisions may be. This is a very personal journey we support through accurate, evidence-based and non-judgmental information as well as an app that is loved and used around the world.
As a community built on trust, we know that a fundamental part of earning that trust is being transparent about how we use and protect the sensitive data that people choose to track with us. As a European company, Clue is obligated under the world’s strictest data privacy law, the European GDPR, to apply special protections to such health data. We understand that it can nevertheless be challenging to assess how apps use data, so we make several commitments to give our community peace of mind.
Our users’ health data, particularly any data they track in Clue about pregnancies, pregnancy loss or abortion, is kept private and safe.
Our business model is not based on profiting from our users’ personal data - we don’t sell them products based on what they track, we do not share any tracked data with ad networks, and we certainly do not sell our users’ data to any third parties. Our business model is direct to consumer subscriptions - our users are our customers, nobody else is.
When we leverage our dataset for new insights into female health, we ensure that it is completely de-identified before the scientific researchers we work with analyze it - meaning that no data point can be traced back to any individual person. Together, the millions of cycles that have been tracked in Clue represent a historic opportunity to better understand the female body, which has historically been under-funded and neglected as an area of research.
Like every other consumer app, in order to be able to make Clue work and to function as a business, we do employ some carefully selected service providers to process data on our behalf. For these purposes, we share as little data as possible in the safest way possible.
Our data privacy team works tirelessly in order to meet our commitment to protect our users’ data. From data encryption and auditing software tools for European privacy compliance, to the robust de-identification of datasets for our scientific research partnerships–we always bear our users’ interests in mind.
At this fraught moment, we hear the anger and the anxiety coming from our US user community. Many of us at Clue understand first hand how it feels to fear for our reproductive autonomy. While we navigate this new reality, we promise to squarely face the challenges it brings, to listen and do everything we can to make every single Clue user's experience as positive and safe as it can be.
Your questions about Clue and EU data privacy answered
We hear your questions, and we understand your concerns. The thought that US authorities could use people’s private health data against them is infuriating, and terrifying. Without wanting to fuel further fear or speculation, we do want to offer our community clarity and reassurance.
Does European data privacy law protect US-based Clue users?
Yes. It doesn’t matter where in the world you are. If we hold your data, our own obligation under European law to protect our users' privately tracked data protects all Clue users - no matter where in the world you are located. All our users’ health data is stored in the EU.
But can US authorities still subpoena someone’s data from Clue if they are based in the US?
No. We would have a primary legal duty under European law not to disclose any private health data. No US Court or other authority can simply override that, since we are not based in the US. Our user data cannot be subpoenaed from the US. We are subject to the jurisdiction of the German and European courts, who apply European privacy law, as well as German human rights principles in criminal enforcement and procedural standards.
Some commentators have pointed out that there are mutual assistance treaties that allow countries to cooperate in prosecuting serious crimes. But the rollback of reproductive rights in the US does not result in creating the kinds of universally accepted “crimes” these rules are made for. We have looked into this extensively and we do not believe a German court would ever see their way to overriding core European privacy protections in order to assist a US abortion prosecution. In the hypothetical scenario that it did, we would resist the request by all means necessary.
We are, and always have been, committed to protecting your private health data. Your tracked experience should empower you, whatever your private health decisions. We will never enable anyone to use it against you.
To further clarify:
European data privacy law is the strictest in the world. It gives people fundamental rights when it comes to their sensitive health data, and it imposes obligations on anyone in Europe who holds such data - no matter whether they are a healthcare provider or a health technology company like Clue. Clue is based in Berlin, Germany, which is in Europe, therefore this law applies to us. GDPR applies to your data whenever we are in control of it.
Our user community spans the whole world - unsurprisingly, since half of humanity has cycles and a female reproductive system. Right now, we have users from Antarctica to Tuvalu, from Germany to Ukraine, from the US to Afghanistan. Not everywhere are women equal under the law. Not everywhere is there a right to liberty, or bodily autonomy, or reproductive choice - or to privacy about our most intimate experiences.
We repeat: we would not respond to any disclosure request or attempted subpoena of our users’ health data by US authorities, or any authorities. It is also worth stating that we have never had such a request from anywhere, despite millions of users and some legal limits on abortion (and other restrictions relating to female sexual and reproductive freedoms) in most places. We would let you and the world know if anyone tried.
This article was originally published Friday, June 24th 2022. It has been updated to include your most frequent questions and answers.