When SSL certificates are expired, all traffic to the backend is unencrypted. Therefore, all constituent personal data is essentially transmitting unencrypted.