An earlier version of this article incorrectly said Hotjar did not respond to a request for comment. The article has been corrected and updated to include comments from its chief operating officer.
An investigation by Lockdown Privacy, the maker of an app that blocks online tracking, found that Planned Parenthood’s web scheduler can share information with a variety of third parties, including Google, Facebook, TikTok and Hotjar, a tracking tool that says it helps companies understand how customers behave. These outside companies receive data including IP addresses, approximate Zip codes and service selections, which privacy experts worry could be valuable to state governments looking to prosecute abortions.
In a video shared with The Washington Post, Lockdown founder Johnny Lin visited the Planned Parenthood website, opened the scheduling tool, input a Zip code and selected “surgical abortion” as a service. As he clicked around, a development tool let him see how data such as his IP address was being shared with Google, Facebook and many other third-party companies. Only the companies would know for sure how they use our data, but any data sitting on servers is vulnerable to potential cyberattacks or government subpoenas. In a criminal abortion case, an IP address would be pertinent because with the help of internet service providers, law enforcement can trace IP addresses back to individuals.
“This was absolutely shocking,” said Lin. “We’ve analyzed and reviewed the tracking behaviors of hundreds of apps and websites, and it’s rare to see this degree of carelessness with sensitive health data.”
Planned Parenthood spokeswoman Lauren Kokum said the organization uses trackers for its marketing efforts. She did not respond to questions about whether the organization plans to remove the marketing analytics from its scheduling page given new state-level abortion bans, or why trackers were running on the scheduling page in the first place.
“Marketing is a necessary part of Planned Parenthood’s work to reach people who are seeking sexual and reproductive health care, education, and information,” she said.
In a statement following The Post’s publication of Lockdown’s findings, Diana Contreras, chief health-care officer for Planned Parenthood Federation of America, said that “no scheduling or protected health information (PHI) has been breached.”
“Out of an abundance of caution, Planned Parenthood will suspend marketing pixels on webpages related to abortion search, and will be engaging with Meta/Facebook and other technology companies about how their policies can better protect people seeking abortion care," Contreras said in the statement to The Post.
The Supreme Court’s decision Friday in Dobbs v. Jackson Women’s Health Organization sparked fresh concern over the troves of digital data that companies collect every time we open an app, surf the web or carry our phones with us on a trip. In states where abortion becomes criminalized, will law enforcement turn to digital data from text messages, period apps and other sources as evidence of a crime, people have asked? Others have wondered what big data collectors like Facebook and Google would do if state governments served them subpoenas demanding they hand over their data.
Facebook, Google and TikTok declined to comment on how precisely they would respond to governments’ requests for data surrounding abortion. Hotjar chief operating officer Ken Weary said the company uses IP addresses to determine the country and only the country of the user. He said Hotjar’s source code “irreversibly masks the IP address so that an individual cannot be identified or associated with an activity.”
Data shared with Google
Data shared with Facebook
Data shared with TikTok
Source: Lockdown Privacy
“Advertisers should not send sensitive information about people through our business tools,” said Andy Stone, a spokesman for Meta, the company that owns Facebook. “Doing so is against our policies and we educate advertisers on properly setting up business tools to prevent this from occurring. When businesses do this, our filtering mechanism is designed to prevent potentially sensitive data it detects from entering our ads system. Based on our review, that happened here.”
Russell Ketchum, the director of Google Analytics, said organizations that use Google’s analytics product can delete their data at any time, adding that the latest version of its analytics tool, Google Analytics 4, automatically discards IP addresses.
As an organization that has long provided sensitive health-care services, Planned Parenthood should know better than to run third-party analytics on a scheduling page used by people in states with current or impending abortion bans, said Cooper Quintin, senior staff technologist at the privacy advocacy organization Electronic Frontier Foundation.
“It’s really irresponsible of Planned Parenthood to be creating more data about the visitors to the website and more trails of evidence about the people that are seeking their services,” he said. “Planned Parenthood needs to — right now, right this second — minimize the amount of data that they are sharing with any outside party and minimize the amount of data that they are keeping.”