Location data from Planned Parenthood and other clinics that offer abortion services has been made available for purchase by a data firm, an investigation from Motherboard found this week. The data being sold included where groups of people visiting clinics came from, where they went after, and how long they spent at the clinics.
Motherboard was able to purchase one of these datasets from SafeGraph, a data-sourcing company, for just $160. Less than two hundred bucks and the publication had its hands on Planned Parenthood visitor data for 600 clinic locations across the United States.
Following the publication of Motherboard’s investigation, SafeGraph announced it would no longer be selling data categorized as “family planning centers.” The company writes:
“We don’t have any indication that this data has ever been used for bad purposes. We have had many academics that have used this type of data for really good purposes. Taking away this data will impact many academics that want to study this topic (like understanding the impact of legislation on family planning visits). We acknowledge that our decision to take down Patterns for family planning centers could negatively impact this valuable research, but we think this is the right decision given the current climate.”
Despite its obvious privacy issues, buying and selling location data is actually 100 percent legal. In fact, government agencies don’t even have qualms about partaking in this practice themselves. While data firms like SafeGraph do “anonymize” their data, cybersecurity researchers have proven on more than one occasion that individual people can be picked out of these datasets.
The potential for location data to be used for harm skyrockets when it corresponds to a high-tension issue like abortion.
Totally legal — The U.S. is sorely lacking in data collection legislation. There just aren’t any federal laws that unilaterally stop firms from buying and selling user data, and these businesses aren’t even required to notify users when that data changes hands.
Many of the apps we use on a daily basis are collecting data in the background; that data can then be sold to marketing companies to use for personalized advertisements, for example. Other companies (like SafeGraph) sort and package the data they’ve purchased to then be sold to anyone who wants it.
In this case, Motherboard was able to purchase data specifically related to Planned Parenthood because SafeGraph categorizes the nonprofit as a brand. SafeGraph also offers data packages for “family planning centers,” many of which offer abortion services.
Stay vigilant — Since the U.S. government is by no means prioritizing the passage of data collection laws, some companies have attempted to give users more say in when their data is collected. Apple’s App Tracking Transparency is perhaps the most notable of these initiatives — and also a notable failure.
Federal oversight is sorely needed. Tech companies have shown many times over that they’re unable to protect users on their own.
While that’s still on the back burner, though, we must all grapple with the fact that this data is being collected, whether or not we’re aware of it. It’s not difficult to see how, in the wrong hands, data about abortion clinic visitors could be used for malicious purposes.
In the meantime, we’d definitely suggest checking out resources like Surveillance Self-Defense’s privacy guides — this one on attending protests teaches lessons that can be useful for protecting yourself from all kinds of data-tracking.