Subscribe now

The average American spends over three hours on their phone every day, and nearly half of U.S. teens say they’re on the Internet almost “constantly.”

While most of us understand that not all of our data is private, the scope of how much U.S. government agencies can access is overwhelming: Internet history, private messages, health information, political affiliation and phone location data are all up for grabs.

“We are constantly shedding data as we go about our daily lives,” says Lisa Femia, staff attorney at Electronic Frontier Foundation (EFF), a digital rights advocacy group. She says with no comprehensive Federal data privacy law, there’s little legal protection surrounding our digital rights.

This lack of regulation has unique implications for LGBTQ people, especially under the current Trump administration. In March 2025, the Department of Homeland Security’s Office of Intelligence and Analysis removed protections for LGBTQ identities from its restrictions on gathering intelligence. That means queer people are no longer a protected class when it comes to surveillance efforts.

This occurred off the back of Trump’s January Executive Order, “Protecting Children From Chemical and Surgical Mutilation,” that attempts to ban trans kids’ access to healthcare. In addition, laws banning gender-affirming care have passed in at least 24 states across the country, creating a perfect storm for the government to use digital surveillance to capture folks trying to access what advocates describe as “lifesaving” treatment.

“When our identities are being criminalized or stigmatized, record keeping, if it’s not done well, can be a massive, massive tool for oppression,” says Shae Gardner, policy director at the LGBT Technology Institute.

So what capabilities do law enforcement agencies and the government have when it comes to monitoring LGBTQ folks looking for resources like gender-affirming care? What are the implications for trans youth who are seeking this care out of state? And what can you do to protect yourself?

Data Brokers

One alarming way third parties—including marketers, scammers, private investigators, tech companies, retailers and law enforcement—can access your digital footprint is through data brokers. These businesses exist solely to collect individuals’ online data to sell for profit. They have access to highly sensitive data from companies, apps and websites that collect information on people. They also indirectly gather data from public records such as voting registries. In the U.S., their work is virtually unregulated.

“Data brokers can access our home addresses, telephone numbers, political preferences, location data, online purchases and much more,” says Gardner. “Users don’t even know that their data is available to be sold.”

There may be up to 5,000 data brokers globally, and out of the top 23 data brokerage companies in the world, 17 are in the U.S. These brokers have profiles on millions of Americans.

Through third-party apps, they can even access our health data, putting our sensitive medical information at risk. For example, after the overturning of Roe v. Wade in 2022, privacy experts were concerned that data collected by Flo, the period tracking app, could be misused, given its history of passing the health details of its users to third parties.

Subscribe now

Because of this, Femia says it’s becoming “harder and harder for people to get the care they need, the support they need, or be who they are, without leaving a trail that a hostile law enforcement agency or state government or federal government could use to target them.”

In some cases, the government has used the “Data Broker Loophole”—a gap in the Electronics Communications Privacy Act—to bypass legal requirements of obtaining warrants and subpoenas for data and instead purchasing it directly from private brokers. In Trump’s first term, it was discovered that his Department of Homeland Security (DHS) bought cellphone location data to detect possible illegal border crossings.

One data broker, Babel Street, created a tool named Locate X—used by the Secret Service and DHS—which gathers smartphone location data to monitor people worldwide without a warrant. In practice, this is meant to help the government track serious criminal activities. But with increasing animus towards the trans community, it could potentially be used to track the movements of doctors working at gender-affirming care clinics or trans people seeking care.

“It’s not a federal agent following you home anymore. It’s someone tracking your location on your phone,” says Gardner.

While there are no documented instances of the government using this data surveillance to track folks looking for trans healthcare, that’s not the case when it comes to reproductive healthcare. In 2023, an Idaho woman and her son were charged with taking the son’s girlfriend to Oregon to get an abortion, using her cellphone location data as evidence.

And in 2024, one company used location data broker Near Intelligence to track people’s visits to nearly 600 Planned Parenthood locations across 48 states and sold the data to feed a massive anti-abortion ad campaign funded by Veritas Society, a pro-life activist group.

On a now-deleted page on the organization’s website, they proudly cite that they use Near Intelligence’s advanced digital technology known as “Polygonning” to “identify and capture the cell phone ID’s of women that are coming and going from Planned Parenthood and similar locations. We then reach these women on apps, social feeds and websites like Facebook, Instagram, Snapchat with pro-life content and messaging.”

Education

In addition to data brokers, American kids are being monitored when they use computers provided by their schools. The Center for Democracy and Technology (CDT) reported an increase in surveillance software to monitor online activity on school-owned devices. In fact, 81% of teachers reported that their schools use some form of monitoring software and 71% reported it being used on school-issued devices, allowing schools to survey children outside of teaching hours.

“These tools provide teachers and schools with the ability to … view students’ email, messaging, and social media content, view the contents of their screens in real time, and other monitoring functionality,” CDT reports.

While companies like GoGuardian claim to use their surveillance tools to mitigate potential security threats and monitor students’ mental health, privacy experts warn that these tools put children in homo/transphobic states at risk of their data being weaponized by their educators and law enforcement.

“Schools can specifically ask these programs to flag any LGBTQ content,” says Eleni Manis, research director at the Surveillance Technology Oversight Project. “So school surveillance software is already in place to provide a dragnet for flagging kids who are LGBTQ, or just exploring their sexuality.”

In 2023, EFF found that GoGuardian software in the Lake Travis Independent School District in Texas flagged over 75 websites with the terms “transgender,” “LGBT,” “gay,” “homosexual,” “non-binary” or “queer” in the URL. Websites that were flagged included the Wikipedia pages for the Transgender Rights Movement and for the portrayal of transgender people in film; an article from The Guardian about transgender history; and a page about the Gay Men’s Chorus of Washington, D.C.

In addition to blocking kids from visiting LGBTQ-themed websites, states like Alabama have passed bills that require school personnel to inform parents if a minor expresses a gender identity that is inconsistent with their biological sex. School personnel can enforce these bills through the surveillance of school-owned devices.

“It’s going to disproportionately affect kids who are middle or low-income, kids who don’t have the resources to have their own private iPad or laptop,” says Manis. In states where gender-affirming care for kids is illegal, questions also arise surrounding what will be done with the data—will it be used to discipline the child or even shared with law enforcement?

Manis says this software turns schools into another branch of America’s invasive surveillance apparatus. “It’s very difficult for those programs to stop flagging LGBTQ students even if they want to. It’s the first place conservative, anti-trans or anti-LGBTQ districts can go to [for evidence],” she says.

Medical Records

Beyond the classroom, the medical information of child and adult patients is at risk of being compromised.

“Medical records give you a patient’s name, prescriptions, doctor’s name, practice name, everything that you need to launch an investigation or prosecution. Same thing for prescription records. Pharmacy’s prescription records will tell you who wrote a prescription, when it was filled, who filled it,” says Manis.

While patients speak frankly with their doctors based on confidentiality, there have been instances where local governments—and even doctors—have violated patients’ right to medical privacy in the name of criminal prosecutions.

In 2023, Dr. Eithan Haim, a Dallas surgeon, leaked sensitive data about children receiving transition-related care at Texas Children’s Hospital to a conservative activist who published the documents in a magazine.

Although what Dr. Haim did was illegal, the Department of Justice dropped their charges against him in January, the same week Trump passed the EO banning gender-affirming care for trans kids.

Additionally, in 2023, Vanderbilt University Medical Center handed over records for more than 100 current and former patients seeking transgender health care to Attorney General Jonathan Skrmetti as part of an investigation into possible violations of the Tennessee Medicaid False Claims Act.

“It’s a terrifying precedent because it works, even though it shouldn’t,” says Manis.

HIPAA laws permit disclosures of protected health information if they are made to prevent a serious and imminent threat to health or safety, creating a loophole for local governments to work around. “The loophole is large enough that when a law enforcement agency comes knocking at a hospital’s door and asks for medical records in connection with an ongoing investigation, states typically cooperate.”

In other words, if the Trump administration wanted to come for patients, there’s a model to follow, and HIPAA laws may not protect you.

Camera Surveillance

On top of all of this, automated license plate readers (ALPRs) are “commonplace” in policing. ALPRs are camera systems that capture the license plate data of passing vehicles. Nearly 90% of sheriff’s offices with more than 500 sworn deputies use ALPRs, as well as every single police department that serves over 1 million people.

“No specific federal legislative framework exists that governs federal law enforcement use of ALPRs,” according to a 2024 report by the Library of Congress. That means law enforcement agencies can access the data, store it for as long as they need, and officers are not required to demonstrate probable cause before accessing it.

A 2013 report by the American Civil Liberties Union found that license plate readers check plate numbers against “hot lists”—plates that have been uploaded to the system—to alert a law enforcement agency if a match appears. According to EFF, the data is often managed by private companies and data brokers.

In 2024, it was revealed that Sacramento authorities were collecting license plate data and sharing it with law enforcement agencies in other states. In their investigation, the Sacramento County Grand Jury expressed concern that the “data could be used to track individuals based on immigration status, place of worship, employment locations, or visits to places such as gun stores or hospitals. Particularly troubling was the potential sharing of ALPR data with other states whose citizens travel to California to seek an abortion, which has been banned or severely restricted in their home states.”

Share

“By using camera footage surveillance, you can track where people are going and you might see a person going to a clinic, or to an LGBTQ center and use that to aid an out-of-state prosecution saying a parent let their kid get gender-affirming care,” Femia says.

How Can You Maintain Your Privacy?

Despite the various ways you can be monitored, experts say individuals can protect themselves from digital surveillance by using encrypted messaging apps like Signal and more secure search engines like DuckDuckGo. They also recommend using Virtual Private Networks to encrypt your Internet traffic. Finally, they recommend turning your phone off when going to protests or other LGBTQ-themed events so data brokers can’t track your location.

But there’s only so much individuals can do. “It’s really important that we don’t fall into the trap of thinking that this is our fault and our problem to solve, or that you can protect your privacy just by changing some settings on your phone,” says Evan Greer, director of digital advocacy group Fight for the Future. “We need to fight for policies that protect people. … The reality is, this is a collective societal problem, and it should be addressed at a broad scale by enacting policies that protect people’s basic human rights.”

States like California and New York are passing shield laws to protect individuals and cement themselves as data sanctuary states. These laws give consumers more control over the personal information that businesses collect about them and limit the disclosure of their personal data to out-of-state entities.

But “the way data travels doesn’t respect state lines. So the idea that there are differing protections once you hit a state border is kind of silly,” Gardner says. “Any time the states, no matter how well-intentioned, are attempting to build data protections, they’re doing it on a wobbly table that really doesn’t have a base because there are [no comprehensive federal protections].”

Greer cites the European Union’s General Data Protection Regulation as an aspirational framework for the U.S. It’s a law enforced in 2018 that grants individuals the right to their personal data.

“What we really, really need is federal privacy protections. We need to enshrine rights to gender-affirming care in federal law. That’s the only thing that would truly protect trans and non-binary Americans. It doesn’t look like we’re gonna get that in the short run,” says Manis.

**For more information on how to control your data, the Digital Defense Fund has a presentation here.

If objective, nonpartisan, rigorous, LGBTQ-focused journalism is important to you, please consider making a tax-deductible donation through our fiscal sponsor, Resource Impact, by clicking this button:

Donate to Uncloseted Media