As if people with uteruses didn’t have enough to worry about since the leaked Supreme Court draft opinion that signaled the end of Roe v. Wade, more information has come to light about shady data-sharing practices that impact just about everyone with a smartphone and that may put people seeking abortions or reproductive healthcare at risk.
Today, in a letter sent to the Federal Trade Commission (FTC) that was first shared exclusively with Refinery29, Sen. Amy Klobuchar (D-MN), Sen. Tammy Baldwin (D-WI), and 14 other senators asked what’s being done to stop “brokers selling location data that allows the buyer to see how many people visit a certain location and when, including how many people are seeking care at reproductive health clinics such as Planned Parenthood.”
“As reproductive rights are under attack across the country, we must do everything possible to protect the safety and privacy of women accessing the healthcare they need,” Sen. Klobuchar said in a statement to Refinery29. If Roe and the later Supreme Court decision Planned Parenthood v. Casey are overturned, up to 26 states are certain or likely to ban abortion, according to data from The Guttmacher Institute. Pregnant people and those who have abortions in these states may be particularly vulnerable to being targeted or criminalized if their data is used against them. “Personal decisions such as those about contraceptives or abortion should remain between a woman and her doctor, not some data company that is willing to share location tracking information to the highest bidder,” Sen. Klobuchar told Refinery29.
Location data is often collected by apps on our smartphones, including weather, prayer, or fertility and period tracking apps — yes, even apps that don’t need our locations to operate (unlike Google Maps) can pick them up anyway. We often enable location data sharing for apps without even thinking about it or realizing what that entails. Once it’s collected, it can be sold — to anyone. In fact, data that showed where people were coming from before going to abortion clinics, how long their visit to the clinic was, and where they went afterward was bought in a journalistic investigation by Motherboard for only $160. Separately, Motherboard reported that a location data firm provided "heat maps” on its website showing where Planned Parenthood patients live. (Motherboard is owned by Vice Media Group, the same parent company as Refinery29.)
The senators who signed the letter to the FTC noted they were specifically concerned about such incidents because data location has historically been used to identify individuals. For example, Vice Media reported how Christian outlet called The Pillar published a story using location data to follow a priest and subsequently, publicly out him as possibly gay without his consent. Refinery29 asked editors for The Pillar for comment, but they didn’t provide one by press time.
In one Motherboard article, reporters bought the location data regarding abortion clinics from a company called SafeGraph. The information they obtained handled a considerably small set of data, which would theoretically make the “deanonymization of those people easier,” according to the article. This information could be used for nefarious tracking purposes. A hypothetical example: Missouri has considered a law that would make it illegal to “aid or bet” out-of-state abortion. So, theoretically, if someone lived there and their data ended up in the wrong hands and they were identified, folks who helped them have an abortion could be potentially criminalized under future laws.
In a response to Refinery29’s request for comment, SafeGraph sent a statement saying they strive “to be a super transparent company” and that they do not provide data on individuals. Shortly after the Motherboard article came out, the company removed certain data related to Planned Parenthood and similar clinics from specific parts of their website where people can purchase data; they’ve also released a statement about the issue. The company sharing the heat maps, Placer.ai, did not return Refinery29's request for comment, but made it so users couldn't find Planned Parenthood-related data on its website after Motherboard reached out for comment.
If you want to beef up your digital security game, check out If/When/How and the Repro Legal Helpline for best practices on protecting data, especially around your sexual and reproductive health decisions. The Digital Defense Fund and Hackblossom’s DIY Guide To Feminist Cybersecurity are also great resources. Planned Parenthood pointed Refinery29 to a few of these resources when asked for comment. Another tip: You can go into your phone’s settings and turn off location services. Quentin Palfrey, president of the International Digital Accountability Council, also recommends deleting apps when you're done using them.
Big picture, Palfrey says there is an “urgent need” for location sharing and digital security reform, especially because many companies have historically used bad practices or purposefully skirted the rules. “There’s a patchwork of rules that don’t really protect consumers that are based on the legal fiction that users are reading through these jargon-filled monstrosities of privacy policies.” If you’ve never skimmed one of these policies without really reading it, props.
Palfrey recommends that Congress pass a law and set a national standard for baseline privacy that sets a clear set of rules for the protection of data, with stronger protections for sensitive categories of health data. (Legislators, including Sen. Klobuchar, previously introduced the Consumer Online Privacy Rights Act which would further protect privacy rights for consumers.) “The law isn’t structured to protect consumers and some of what we’re seeing is a consequence of that,” Palfrey says.
“We should demand of companies that they treat our most sensitive data with respect,” he adds. “We’re in a scary world.”