You scheduled an abortion. Planned Parenthood’s website could tell Facebook.

The organization left marketing trackers running on its scheduling pages

Abortion rights supporters cheer outside a Planned Parenthood clinic during a demonstration June 24 in West Hollywood, Calif. (Jae C. Hong/AP)

An earlier version of this article incorrectly said Hotjar did not respond to a request for comment. The article has been corrected and updated to include comments from its chief operating officer.

The Supreme Court’s decision last week overturning the nationwide right to an abortion in the United States may have sent worried people flooding to Planned Parenthood’s website to learn about nearby clinics or schedule services.

But if they used the organization’s online scheduling tool, it appears Planned Parenthood could share people’s location — and, in some cases, even the method of abortion they selected — with big tech companies.

An investigation by Lockdown Privacy, the maker of an app that blocks online tracking, found that Planned Parenthood’s web scheduler can share information with a variety of third parties, including Google, Facebook, TikTok and Hotjar, a tracking tool that says it helps companies understand how customers behave. These outside companies receive data including IP addresses, approximate Zip codes and service selections, which privacy experts worry could be valuable to state governments looking to prosecute abortions.

Big Tech silent on data collection as workers call for post-Roe action

In a video shared with The Washington Post, Lockdown founder Johnny Lin visited the Planned Parenthood website, opened the scheduling tool, input a Zip code and selected “surgical abortion” as a service. As he clicked around, a development tool let him see how data such as his IP address was being shared with Google, Facebook and many other third-party companies. Only the companies would know for sure how they use our data, but any data sitting on servers is vulnerable to potential cyberattacks or government subpoenas. In a criminal abortion case, an IP address would be pertinent because with the help of internet service providers, law enforcement can trace IP addresses back to individuals.

“This was absolutely shocking,” said Lin. “We’ve analyzed and reviewed the tracking behaviors of hundreds of apps and websites, and it’s rare to see this degree of carelessness with sensitive health data.”

Planned Parenthood spokeswoman Lauren Kokum said the organization uses trackers for its marketing efforts. She did not respond to questions about whether the organization plans to remove the marketing analytics from its scheduling page given new state-level abortion bans, or why trackers were running on the scheduling page in the first place.

“Marketing is a necessary part of Planned Parenthood’s work to reach people who are seeking sexual and reproductive health care, education, and information,” she said.

In a statement following The Post’s publication of Lockdown’s findings, Diana Contreras, chief health-care officer for Planned Parenthood Federation of America, said that “no scheduling or protected health information (PHI) has been breached.”

“Out of an abundance of caution, Planned Parenthood will suspend marketing pixels on webpages related to abortion search, and will be engaging with Meta/Facebook and other technology companies about how their policies can better protect people seeking abortion care," Contreras said in the statement to The Post.

The Supreme Court’s decision Friday in Dobbs v. Jackson Women’s Health Organization sparked fresh concern over the troves of digital data that companies collect every time we open an app, surf the web or carry our phones with us on a trip. In states where abortion becomes criminalized, will law enforcement turn to digital data from text messages, period apps and other sources as evidence of a crime, people have asked? Others have wondered what big data collectors like Facebook and Google would do if state governments served them subpoenas demanding they hand over their data.

Facebook, Google and TikTok declined to comment on how precisely they would respond to governments’ requests for data surrounding abortion. Hotjar chief operating officer Ken Weary said the company uses IP addresses to determine the country and only the country of the user. He said Hotjar’s source code “irreversibly masks the IP address so that an individual cannot be identified or associated with an activity.”

Data shared with Google

  • IP address
  • Site visited
  • Behavior on the site
  • Reason for visiting site (e.g., “abortion”)
  • User’s selected method of abortion (e.g., surgical abortion/in-clinic)
  • Browser time zone
  • Name of the Planned Parenthood Health Center for appointment
  • User’s current Zip code estimation based on IP address
  • User’s closest affiliate based on Zip code
  • Time stamp
  • Whether the user came from a search engine, a link or typed the URL directly
  • Client ID (According to Google’s documentation, “This pseudonymously identifies a particular user, device, or browser instance. For the web, this is generally stored as a first-party cookie with a two-year expiration.”)
  • Browser language

Data shared with Facebook

  • IP address
  • Site visited
  • Behavior on the site
  • Time stamp
  • Unique Facebook browser ID

Data shared with TikTok

  • IP address
  • Site visited
  • Behavior on the site
  • Phone type
  • Operating system and version
  • Browser and version
  • Time stamp

Source: Lockdown Privacy

“Advertisers should not send sensitive information about people through our business tools,” said Andy Stone, a spokesman for Meta, the company that owns Facebook. “Doing so is against our policies and we educate advertisers on properly setting up business tools to prevent this from occurring. When businesses do this, our filtering mechanism is designed to prevent potentially sensitive data it detects from entering our ads system. Based on our review, that happened here.”

Russell Ketchum, the director of Google Analytics, said organizations that use Google’s analytics product can delete their data at any time, adding that the latest version of its analytics tool, Google Analytics 4, automatically discards IP addresses.

As an organization that has long provided sensitive health-care services, Planned Parenthood should know better than to run third-party analytics on a scheduling page used by people in states with current or impending abortion bans, said Cooper Quintin, senior staff technologist at the privacy advocacy organization Electronic Frontier Foundation.

“It’s really irresponsible of Planned Parenthood to be creating more data about the visitors to the website and more trails of evidence about the people that are seeking their services,” he said. “Planned Parenthood needs to — right now, right this second — minimize the amount of data that they are sharing with any outside party and minimize the amount of data that they are keeping.”

Seeking an abortion? Here’s how to avoid leaving a digital trail.

Help Desk: Making tech work for you

Help Desk is a destination built for readers looking to better understand and take control of the technology used in everyday life.

Take control: Sign up for The Tech Friend newsletter to get straight talk and advice on how to make your tech a force for good.

Tech tips to make your life easier: 10 tips and tricks to customize iOS 16 | 5 tips to make your gadget batteries last longer | How to get back control of a hacked social media account | How to avoid falling for and spreading misinformation online

Data and Privacy: A guide to every privacy setting you should change now. We have gone through the settings for the most popular (and problematic) services to give you recommendations. Google | Amazon | Facebook | Venmo | Apple | Android

Ask a question: Send the Help Desk your personal technology questions.