On November 7, 2024, Michigan lawmakers in the Senate introduced the Reproductive Data Privacy Act (“RDPA”), also known as Senate Bill 1082 (SB 1082). The bill aims to strengthen privacy protections for sensitive reproductive health data, including information on menstrual cycles, fertility, and contraception.
The RDPA is largely modeled after Washington’s My Health, My Data Act, but it more narrowly applies to organizations that provide reproductive health-related products or services, such as diagnostic testing, fertility apps, or abortion care. The bill regulates these organizations’ collection and processing of “reproductive health data,” which is defined to mean information that is linked or reasonably linkable to an individual and that identifies the individual’s past, present, or future reproductive health status. The RDPA includes the following notable provisions:
- Consumer Control and Consent: Entities must notify individuals and obtain explicit consent before collecting or processing their reproductive health data. Additionally, consumers have the right to access, delete, and revoke consent for sharing or selling of, their reproductive health data.
- Restrictions on Data Use and Disclosure: Data sharing with third parties or government agencies is prohibited without a warrant, legal obligation, or the individual’s consent. The bill bans geofencing practices around reproductive health service locations to prevent tracking or targeting individuals.
- Data Minimization. The RPDA mandates that information may only be collected for one of the following enumerated purposes:
- To provide a product, service, or service feature to the individual to whom the reproductive health data pertains when that individual requested the product, service, or service feature by subscribing to, creating an account with, or otherwise contracting with the covered entity or service provider;
- To initiate, manage, execute, or complete a financial or commercial transaction or to fulfill an order for a specific product or service requested by an individual to whom the reproductive health data pertains, including, but not limited to, associated routine administrative, operational, and account servicing activity such as billing, shipping, storage, and accounting;
- To comply with an obligation under a law of Michigan or federal law; or
- To protect public safety or public health.
Entities are prohibited from retaining reproductive health data for longer than necessary to achieve these purposes.
- Enforcement and Penalties: The Michigan Attorney General would oversee enforcement, and individuals could sue for damages ranging from $100 to $750 per violation. Additional remedies like injunctions and declaratory relief are also included.
Supporters seek to pass the legislation before the year’s end, prior to President-elect Donald Trump assuming office. The bill, however, must first pass through the Senate Committee on Housing and Human Services before it can be advanced to the Senate floor for potential amendment and vote. If approved by the Senate, it would then be referred to the House for further consideration.