Facebook Is Helping Anti-Abortion Clinics Collect Highly Sensitive Personal Data

We look at the fight for privacy rights in a post-Roe America amid concerns that anti-abortion activists could use identifying data from online platforms like Facebook to target abortion seekers. Investigative reporter Grace Oldham describes how this data is already being used by medically unlicensed “crisis pregnancy centers” that actively lure patients to discourage them from seeking abortions. These anti-abortion clinics put people who are considering an abortion at risk to misinformation on reproductive health, or worse, open them to criminal prosecution, says Oldham, whose recent report for Reveal is headlined “Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients.”

TRANSCRIPT

This is a rush transcript. Copy may not be in its final form.

AMY GOODMAN: As states move to criminalize abortion, we’re going to look now at growing calls to protect online privacy. I’m Amy Goodman, with Juan González.

As fears grow that authorities could use online data to prosecute people who violate statewide abortion bans, the Electronic Frontier Foundation has warned, quote, “those seeking, offering, or facilitating abortion access must now assume that any data they provide online or offline could be sought by law enforcement.” This comes as Reveal from The Center for Investigative Reporting has exposed how Facebook is collecting ultrasensitive personal data about abortion seekers and enabling anti-abortion organizations to use that data as a tool to target and influence people online.

We’re going to go first to Grace Oldham. Grace Oldham is a Howard fellow for Reveal, where her recent investigation is headlined “Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients.”

Welcome to Democracy Now!, Grace. So, lay this out for us. Talk about everything from period trackers, you know, menstrual period trackers, to what people say and look for online, and how it can be used against them.

GRACE OLDHAM: Yes, absolutely. Thanks so much for having me.

So, yeah, as laws are changing now across the country, there are increased warnings about the risks of how people’s data online could be used against them if abortion is criminalized in their state. And so, in our investigation, we were specifically looking at crisis pregnancy centers. We’ve been investigating crisis pregnancy centers at Reveal for months now. And they’re quasi-health clinics that are run by anti-abortion organizations with the main goal to deter or delay people from getting an abortion. And because they’re not licensed medical facilities, the data they collect on people they interact with, either online or in person, isn’t protected in the same way other health data might be. And so, we were curious what’s happening to that data and how might it be used, again, as laws are changing across the country.

So we started looking at what type of ad-tracking technology these websites — these organizations use on their websites, and found that hundreds of crisis pregnancy websites across the country use an ad-tracking technology that shares information with Facebook. And, you know, as you said, it’s ultrasensitive data. In many cases, it includes information as specific as whether the person is considering an abortion, their pregnancy status, if they were scheduling an abortion consultation, and even in some cases names, emails and phone numbers. Of course, you know, this poses a particular risk if abortion is criminalized or outlawed in states, and it gives key indications about whether a person is considering an abortion. And amassing that on a platform like Facebook creates particular avenues for law enforcement to potentially use that information. And so, yes, this is one among many potential risks created by data that is amassed online.

JUAN GONZÁLEZ: But, Grace, these crisis pregnancy centers, if they’re collecting basically a person’s individual medical information, even if they’re not licensed, aren’t they covered by HIPAA laws in terms of being able to divulge to others personal data on individuals?

GRACE OLDHAM: Yeah, so, actually, these — most crisis pregnancy centers are not covered by HIPAA, and that’s because they’re not licensed medical facilities, and they do not charge for their services. So, because they’re not covered by HIPAA, that data is not protected in the same way that it might be if it was through a hospital or something like that. And so, you know, that was one of our main questions in starting this reporting, is, OK, if they’re collecting really sensitive data about people, you know, online in forms asking questions like when was the date of a person’s last menstrual period, or in person, you know, ultrasound photos, the results of pregnancy tests. And so, we had started really researching what happens to that data once it’s collected by these centers.

AMY GOODMAN: These —

JUAN GONZÁLEZ: And—

AMY GOODMAN: Go ahead, Juan.

JUAN GONZÁLEZ: But wouldn’t it be possible to at least require them to disclose to the people that are giving information that they are not licensed and that the information they’re giving can be shared with others? Isn’t there a disclosure requirement at least, or shouldn’t there be one?

GRACE OLDHAM: Yes. In some cases, the crisis pregnancy centers do mark on their websites when they are not licensed, but often that’s tucked away into — deep into a privacy policy where, you know, a person not doing like an extensive dive into the website would find it. And there was also a Supreme Court case several years ago that would have — that overturned a requirement in California for crisis pregnancy centers to state whether they are medical facilities. And so, they’re positioned now more than ever to, you know, make that not have that be as clear as some consumer protections require.

AMY GOODMAN: And, Grace, it’s reported around the country that they’ll often locate themselves next to, for example, a Planned Parenthood clinic and look like that clinic, so people get confused and are not exactly clear where they’re walking in. But I wanted to ask you about Meta — right? — the new name for Facebook. What measures are they taking for protecting privacy? Did they speak to you?

GRACE OLDHAM: Right. So, you know, Meta has policies against collecting sensitive data, specifically including sexual and reproductive health data. And in the past several years, there’s been reporting and a state investigation which found that, you know, their advertising systems is, essentially, quite porous around the vast information that’s collected by Meta every day on websites across the country.

And so, you know, we found that in the case of these crisis pregnancy centers, hundreds of them are sharing this information with Facebook, and Facebook is ingesting that data. In response to a New York State Department of Financial Services investigation, Facebook created filtering mechanisms with several thousand key terms — I think it’s something like 70,000 key terms — that are supposed to block anything that would be considered sensitive data, although in URLs that we found with “pregnancy” or “abortion” in them, data was still collected from those sites. So we sent a list of questions to Facebook, specifically questions around their policies around data collected from crisis pregnancy centers and whether that data would be shared with law enforcement. And we did not get a response to those questions, and we have not seen change since the publish of our story in terms of if the data of the sites that we identified has been purged.

AMY GOODMAN: Grace Oldham, I wanted to bring Daly Barnett into this conversation, a staff technologist at the Electronic Frontier Foundation, which recently published a set of digital privacy guidelines for abortion providers and abortion seekers on how to protect their information. We’re going to break and then come back to this conversation. We’re speaking with Daly Barnett and Grace Oldham. Stay with us.