The organization left marketing trackers to work on its planning pages
June 29, 2022 at 11:29 a.m. EDT
Proponents of abortion rights applaud in front of a planned parenting clinic during a demonstration on June 24 in West Hollywood, California (Jae C. Hong / AP) Substitute as the article loads
IN The decision of the Supreme Court last week the repeal of the nationwide right to abortion in the United States may have sent anxious people to invade the Planned Parenthood website to learn about nearby clinics or scheduled services.
But if they have used the organization’s online planning tool, it seems that Planned Parenthood can share people’s location – and in some cases even their chosen abortion method – with large technology companies.
An investigation by Lockdown Privacy, the maker of an app that blocks online tracking, found that the Planned Parenthood web planner could share information from various third parties, including Google, Facebook, TikTok and Hotjar, a tracking tool that says it helps companies understand how customers behave. These external companies receive data, including IP addresses, approximate zip codes, and a selection of services, that privacy experts fear may be valuable to government governments seeking to prosecute abortion.
In a video shared with The Washington Post, Lockdown founder Johnny Lynn visited the Planned Parenthood website, opened the planning tool, entered a zip code, and chose “surgical abortion” as a service. As he clicked around, a development tool allowed him to see data such as his IP address being shared with Google, Facebook, and many other third-party companies. Only companies would know for sure how they use our data, but all data hosted on servers is vulnerable to potential cyberattacks or government subpoenas. In the case of a criminal abortion, an IP address would be appropriate because, with the help of ISPs, law enforcement authorities can trace IP addresses back to individuals.
“It was absolutely shocking,” Lynn said. “We have analyzed and reviewed the tracking behavior of hundreds of applications and websites, and this degree of inattention with sensitive health data is rare.”
Planned Parenthood spokeswoman Lauren Kokum said the organization uses trackers for its marketing efforts. She did not answer questions about whether the organization plans to remove marketing analytics from its planning page given the new state-level abortion bans or why trackers are being implemented on the planning page in the first place.
“Marketing is a necessary part of Planned Parenthood’s work to reach people who are looking for sexual and reproductive health, education and information,” she said.
The decision of the Supreme Court of Friday in Dobbs v. Jackson Women’s Health Organization has raised new concerns about the vast amount of digital data that companies collect every time we open an app, surf the web, or carry our phones with us on a trip. In countries where abortion is becoming criminalized, will law enforcement turn to digital data from text messages, periodic applications and other sources as evidence of a crime, people ask? Others wondered what big data collectors like Facebook and Google would do if state governments handed them subpoenas asking them to pass on their data.
Facebook, Google and TikTok declined to comment on exactly how much they would respond to government requests for abortion-related data. Hotjar did not respond to a request for comment.
- IP address
- Visited site
- Behavior on the site
- Reason for visiting the site (eg “abortion”)
- User-selected abortion method (eg surgical abortion / clinic)
- Browser time zone
- Name of the health center for planned parenting for appointment
- The current evaluation of the user’s zip code based on IP address
- The nearest branch of the user based on the postal code
- Time stamp
- Whether the user came from a search engine, link, or entered the URL directly
- Customer ID (According to Google’s documentation, “This identifies a specific user, device, or browser instance alike. For the network, this is usually stored as a first-party cookie for two years.”)
- Browser language
Data shared with Facebook
- IP address
- Visited site
- Behavior on the site
- Time stamp
- Unique identifier of the Facebook browser
- IP address
- Visited site
- Behavior on the site
- Phone type
- Operating system and version
- Browser and version
- Time stamp
“Advertisers don’t have to send sensitive information about people through our business tools,” said Andy Stone, a spokesman for Meta, the company that owns Facebook. “This is against our rules and we are training advertisers to set up business tools properly to prevent this. When companies do this, our filtering mechanism is designed to prevent potentially sensitive data that it detects from entering our advertising system. Based on our review, this happened here. ”
Russell Ketchum, director of Google Analytics, said organizations that use Google’s analytics product could delete their data at any time, adding that the latest version of the analytics tool, Google Analytics 4, automatically rejects IP addresses. .
As an organization that has long provided sensitive health services, Planned Parenthood should know better than performing third-party analytics on a planning page used by people in states with current or impending abortion bans, said Cooper Quintin, senior. staff technologist at the Electronic Frontier Foundation.
“It’s really irresponsible for Planned Parenthood to create more data for website visitors and more evidence of people seeking their services,” he said. “Planned parenting must – right now, right now – minimize the amount of data they share with each outside party and minimize the amount of data they store.
Are you looking for an abortion? Here’s how to avoid leaving a digital mark.
Add Comment