Contacting an abortion clinic online may put your personal information at risk

In 2015, prosecutors in Indiana arrested a woman on infanticide charges after she self-induced an abortion. Their evidence included her text messages with a friend about obtaining drugs to cause an abortion.

In 2017, prosecutors in Mississippi accessed a woman’s browser search history — she had been looking for the words abortion pill — to charge her with murder for “killing her infant child.”

In January, prosecutors in Texas arrested a woman after she went to a hospital for complications from a self-induced abortion. The hospital reported her to authorities.

» READ MORE: Protections for abortion providers and patients get the OK from a Philly City Council committee

These examples, while isolated, illustrate why abortion-rights activists have been raising an alarm about privacy issues after the U.S. Supreme Court ruling in June striking down a national right to the procedure. And now, a group of researchers, including two affiliated with the University of Pennsylvania, has issued a new warning.

The researchers, in an article published in a journal of the American Medical Association, used software to survey the websites of more than 200 abortion providers across the nation representing the majority of the clinics that provide more than 850,000 abortions yearly in the United States. They found that 99% of the websites had installed so-called third-party trackers to pick up information about their visitors to pass on to marketing and web-analysis firms. Nearly 70% also placed cookies on users’ home computers to help gather data, the research found.

Some even have dozens of trackers on their sites.

A key worry, said Penn researcher Matthew S. McCoy, is that these outside parties “may not have the same commitment to privacy that a provider might have.” The concern is that prosecutors and police, even if resisted or rebuffed by the clinics, might demand and obtain clients’ personal information from the clinics’ data partners.

» READ MORE: Voters cited abortion as a key issue in Pennsylvania’s first election since ‘Roe’ was overturned

Such third-party trackers are ubiquitous on the web. They are key to helping all manner of sites gather important information about the users who visit them. Both profit-making and nonprofit sites can use the trackers to figure out what outreach works and what doesn’t. The trackers are the reason people who search for a particular item online often find ads for that product popping up on their screens.

“It’s not that people have no reason for installing these things.,” McCoy said. “But they don’t realize the downside.”

As Ari B. Friedman, another author of the report from Penn, noted, “One of the challenges of regulating this is there are billions of dollars of ad revenue at stake.”

He added: “We kind of have allowed ourselves as a society to let our guard down about the amount of data being collected.”

According to McCoy and Friedman, clinics could bolster privacy by simply using fewer trackers or by working out deals with third parties under which information is anonymized, or stripped of identifying details, or destroyed once it has been used for analysis or marketing.

McCoy and Friedman are senior fellows at Penn’s Leonard Davis Institute of Health Economics, a health-policy think tank. McCoy is a health-policy and ethics expert. Friedman is also an emergency-room doctor. The other authors of the September article were Rachel Gonzales, a research coordinator with the emergency medicine department at Penn, and Lujo Bauer, a computer expert at Carnegie Mellon University.

» READ MORE: Planned Parenthood is America’s largest abortion provider. Most Philadelphians who go there aren’t ending a pregnancy.

In a statement Thursday, Kevin Williams, vice president for digital products at Planned Parenthood Federation of America, said it had tightened privacy to address “increased fear that people’s sexual and reproductive health-care decisions are being policed.” He said it had cut back on marketing software and was talking with tech companies such as Google and Meta about ways to improve security.

In June, the Washington Post cited analysis of Planned Parenthood’s site by Lockdown Privacy, a San Francisco firm that makes an app that blocks online tracking. Johnny Lin, the founder of Lockdown Privacy, said technical scrutiny showed that Planned Parenthood had indeed reduced its number of trackers over the last few months.

“They have improved dramatically, because what they were doing before was egregiously bad,” Lin said last week.

Lin said clinics had to keep their privacy measures in step with a more challenging political and law-enforcement climate. Too often, he said, they were “not thinking about how the state of the world has changed, so these tools became dangerous for these clinics.”

Planned Parenthood also said any data it shared with Google Analytics, a leading firm, are rendered anonymous. And it said it runs regular “pen tests,” or penetration checks, to make sure its sites can’t be hacked.

In July, Google issued a statement saying it would tweak its software so that it did not retain location information about visits to certain types of websites. The giant firm cited abortion clinics, as well as counseling centers, domestic-violence shelters, fertility centers, addiction-treatment facilities, weight-loss clinics, and cosmetic-surgery clinics. Executives also said that its latest version of its analytics tool, Google Analytics 4, lets users delete data at any time. It also automatically discards IP addresses.

Ken Weary chief operating officer for Hotjar, another tracking company, said his Malta-based firm adheres to Europe’s tough privacy laws. Like Google Analytics, he said, his firm can produce analytical data about users without keeping their IP addresses.

“We take a very privacy-centric approach,” he said, adding, “A lot of our customers demand it.”