The Planned Parenthood website shares your data with Google, others

The organization left marketing trackers running on its planning pages

Abortion rights supporters cheer outside a family planning clinic during a June 24 protest in West Hollywood, California. (Jae C. Hong/AP)
Placeholder while loading article actions

The The Supreme Court decision last week overturning the national abortion law in the United States may have sent concerned people to the Planned Parenthood website to learn about nearby clinics or schedule services.

But if they used the organization’s online planning tool, it appears Planned Parenthood could share people’s locations — and, in some cases, even the abortion method they chose — with other people. big tech companies.

An investigation by Lockdown Privacy, the creator of an app that blocks online tracking, found that Planned Parenthood’s web planner can share information with a variety of third parties, including Google, Facebook, TikTok and Hotjar, a tracking tool that says it helps companies understand customer behavior. These outside companies receive data, including IP addresses, approximate zip codes and service selections, which privacy experts say could be useful to state governments seeking to prosecute abortions.

Big Tech silent on data collection as workers call for post-Roe action

In a video shared with The Washington Post, Lockdown founder Johnny Lin visited the Planned Parenthood website, opened the planning tool, entered a zip code, and selected “surgical abortion” as the service. As he clicked, a developer tool allowed him to see how data such as his IP address was shared with Google, Facebook, and many other third-party companies. Only companies would know for sure how they are using our data, but all data hosted on servers is vulnerable to potential cyberattacks or government subpoenas. In a criminal abortion case, an IP address would be relevant because, with the help of internet service providers, law enforcement can trace IP addresses back to individuals.

“It was absolutely shocking,” Lin said. “We analyzed and reviewed the tracking behaviors of hundreds of apps and websites, and it’s rare to see such a degree of negligence with sensitive health data.”

Planned Parenthood spokeswoman Lauren Kokum said the organization uses trackers for its marketing efforts. She did not respond to questions about whether the organization planned to remove marketing analytics from its planning page in light of new state-level abortion bans, or why trackers worked on the planning page. in the first place.

“Marketing is a necessary part of Planned Parenthood’s work to reach people seeking sexual and reproductive health care, education and information,” she said.

The Supreme Court’s decision on Friday in Dobbs v. Jackson Women’s Health Organization has sparked new concerns about the treasure troves of digital data that companies collect every time we open an app, browse the web or take our phones with us on trips. In states where abortion becomes criminalized, will law enforcement turn to digital data from text messages, menstrual apps and other sources as evidence of a crime, the people asked? Others wondered what big data collectors like Facebook and Google would do if state governments served them with subpoenas demanding they hand over their data.

Facebook, Google and TikTok declined to comment on how accurately they would respond to government requests for abortion data. Hotjar did not respond to a request for comment.

  • IP adress
  • Website visited
  • Behavior on the site
  • Reason for visiting the site (e.g. “abortion”)
  • User-selected abortion method (e.g., surgical/in-clinic abortion)
  • Browser time zone
  • Name of family planning health center for appointment
  • Current estimate of user’s ZIP code based on IP address
  • User’s closest affiliate based on postal code
  • Timestamp
  • Whether the user came from a search engine, a link, or typed the URL directly
  • Client ID (According to Google documentation, “This pseudonymously identifies a particular user, device, or browser instance. For the web, it is typically stored as a first-party cookie with a two-year expiration.”)
  • Browser language

Data shared with Facebook

  • IP adress
  • Website visited
  • Behavior on the site
  • Timestamp
  • Unique Facebook Browser ID
  • IP adress
  • Website visited
  • Behavior on the site
  • phone type
  • Operating system and version
  • Browser and version
  • Timestamp

“Advertisers should not send sensitive information about people through our business tools,” said Andy Stone, spokesperson for Meta, the company that owns Facebook. “This is against our policies and we teach advertisers how to properly configure business tools to prevent this from happening. When companies do this, our filtering mechanism is designed to prevent potentially sensitive data from being passed on to them. detect to enter our advertising system. According to our review, it happened here.

Russell Ketchum, director of Google Analytics, said organizations using Google’s analytics product can delete their data at any time, adding that the latest version of its analytics tool, Google Analytics 4, automatically deletes addresses. IP.

As an organization that has a long history of providing sensitive healthcare services, Planned Parenthood should know not to run third-party analytics on a planning page used by people in states where abortion is banned. currently or imminently, said Cooper Quintin, senior technologist at privacy organization Electronic Frontier Foundation.

“It’s really irresponsible of Planned Parenthood to create more data about website visitors and more evidence leads about people who seek out their services,” he said. “Planned Parenthood must – right now, right now – minimize the amount of data they share with any outside parties and minimize the amount of data they retain.”

Looking for an abortion? Here’s how to avoid leaving a digital trail.

Leave a Comment