Phones Know Who Went to an Abortion Clinic. Whom Will They Tell?

bnew

Veteran
Joined
Nov 1, 2015
Messages
41,837
Reputation
7,092
Daps
129,901

Myriad state restrictions on accessing or performing abortions prompt some companies to pledge not to share sensitive mobile-phone data​



The Supreme Court did more than overrule Roe v. Wade and allow states to ban abortion. The court showed how it views rights that aren't explicitly mentioned in the Constitution. WSJ’s Jess Bravin explains. Illustration: Ryan Trefes
By Patience Haggin
Follow

Aug. 7, 2022 8:03 am ET


In May, shortly after the draft of the Supreme Court opinion overturning Roe v. Wade became public, location-data specialist Tapestri Inc. received unusual requests from two companies.

Each wanted to purchase mobile-device data that would reveal users who had visited abortion clinics along the Illinois-Missouri border, said Tapestri Chief Executive Walter Harrison.

Tapestri declined both requests, saying it doesn’t keep such data. “In our view that’s the best way to do it: just not collecting it at all,” Mr. Harrison said.

The Supreme Court’s June decision in Dobbs v. Jackson Women’s Health Organization, which has been followed by a wave of state laws banning or restricting abortion, is drawing attention to the $10 billion-plus market for people’s mobile-phone location data. The industry is made up of an array of companies, from big tech firms to data aggregators and brokers who buy and sell the information. Every day, connected devices such as smartphones and fitness trackers gather a trail of location data that eventually finds its way into that under-the-radar marketplace. The data often is used for commercial purposes such as customizing ads or apps.

Since the Supreme Court’s Dobbs ruling, companies across the location-data industry are examining and in some cases revising how they handle data regarding visits to abortion clinics. Some are agreeing voluntarily not to sell the data or say they will store it in ways that mask the location. Some such as Tapestri, which pays consumers for sharing their anonymized location history, delete any health-related location information that they deem to be sensitive.

Opponents of the court’s ruling and privacy advocates say personal reproductive health data could be publicized or used to build a legal case against people seeking or providing abortions. “These kinds of requests for user data are going to sharply increase,” said Jennifer Lynch, surveillance litigation director at the Electronic Frontier Foundation, a digital-rights advocacy group.

A CEO of one location-data firm said the privacy advocates’ fears are overblown, in part because the data is often imprecise and could be challenged in court. Some industry executives and researchers say restricting the collection and use of the data might prohibit other uses, such as studying how people access healthcare.
About a dozen states have enacted laws that ban many or most abortions, and several others are expected to pass similar measures. A few states, including Texas, have provided financial incentives for people to bring civil lawsuits against those suspected of aiding abortions.

Thus far there have been few, if any, criminal or civil investigations since states’ abortion bans were enacted, in part because abortion providers in those states have generally ceased performing the procedure if there is any ambiguity about its legality.

Concerns over collection and storage of reproductive health data is the latest challenge for the location-data industry, which over the past few years has faced scrutiny from lawmakers and regulators. Data-privacy laws in California and other states in recent years have placed new restrictions on the companies, such as requiring companies to give consumers the right to opt out of having their data sold.

The Federal Trade Commission last month said it would strictly enforce laws governing the collection, use and sharing of sensitive consumer data. “The misuse of mobile location and health information— including reproductive health data—exposes consumers to significant harm,” wrote Kristin Cohen, acting associate director for the commission’s division of privacy and identity protection.

Without clear regulations for the location-data industry’s data on abortion clinics, individual companies are determining how to respond to the implications of the Supreme Court ruling.


Alphabet Inc.’s Google recently said it would automatically delete visits to abortion clinics from its users’ location history.

Apple Inc. says it minimizes collection of personal data and that most location data is stored in ways the company can’t access. It has no way to access Health and Maps app data for people using updated operating systems, and can’t provide such data in response to government requests, the company says.

The vast location-data ecosystem includes many other lesser-known companies that are taking a different approach. A trade group for some of those firms, Network Advertising Initiative, announced a new set of voluntary standards for member companies in June, two days before the Dobbs ruling came out.

Participating companies, including Foursquare Labs Inc., Cuebiq Inc. and Precisely Inc.’s PlaceIQ, agreed not to use, sell or share precise location data about visits to sensitive locations—including abortion clinics—except to comply with a legal obligation.

Some privacy experts said the companies’ pledges won’t be enough to protect people who seek or provide abortions. “They really shouldn’t be collecting unnecessary data in the first place,” said Sara Geoghegan, law fellow at Electronic Privacy Information Center. “And some sort of scout’s honor promise is no substitute for enforced privacy rights or legal limits on data processing.”

Foursquare, Cuebiq and PlaceIQ receive raw latitude and longitude coordinates from the many smartphone apps that embed location-tracking technology, then match that information with a directory of locations to try to determine whether a person visited a particular restaurant, movie theater or other business.

Under the new standards, when the coordinates indicate an abortion clinic or other sensitive location, like a place of religious worship or military base, the companies won’t make that connection in their databases. They might still store the raw coordinates of places where the users visited. Representatives for several other firms said they would follow similar practices.


Some users of abortion-clinic location data say restricting the collection and use of the data would disrupt research projects. Location-data company Gravy Analytics Inc., an NAI member that chose not to follow the new standards, wrote in a blog post that “a wholesale blackout” of mobility data for sensitive locations would cut off valuable data used in analytical and research work.

Martin Andersen, an associate professor of economics at the University of North Carolina at Greensboro, relied on mobile-location data provided by SafeGraph Inc. to study how Texas residents accessed abortion services after the state’s new law went into effect. Mr. Andersen downloaded aggregated, anonymized data free from SafeGraph.

In May 2022, SafeGraph removed data on family-planning centers from its self-serve data offerings. It did so “in light of potential federal changes in family planning access,” SafeGraph’s chief executive, Auren Hoffman, wrote in a blog post.

“We acknowledge that our decision to take down Patterns for family planning centers could negatively impact this valuable research, but we think this is the right decision given the current climate,” Mr. Hoffman wrote.

Cuebiq plans to legally challenge any court order or law-enforcement request related to reproductive healthcare, a Cuebiq spokesman said.

Stacey Gray, director of legislative research and analysis at Future of Privacy Forum, said companies that retain the raw geographic coordinates of users’ visits would still be subject to law-enforcement requests.

Moreover, she said, it might be difficult for companies to ascertain whether a law-enforcement request concerns abortion. Authorities might simply say they are seeking information on an individual suspected of wrongdoing—without specifying that abortion was the alleged infraction.

Location data has been used to target abortion seekers before. In 2017, the Massachusetts attorney general alleged that Copley Advertising LLC had violated consumer-protection laws when it aimed antiabortion ads at women who were sitting in abortion clinic waiting rooms, then served ads to the women’s mobile devices for up to 30 days afterward. Copley settled the allegations and agreed not to practice such targeting in Massachusetts.

Location data is just one of many sources of data that could be used to build a case against those who seek or provide abortions. Other such data include users’ text messages and search histories. Still other data is commercially available through the digital-ad market, such as menstruation history and anonymized data on a person’s medical procedures
.
 
Top