Our concerns about the selling and misuse of location data for those seeking reproductive and gender healthcare are escalating amid a recent wave of cases and incidents demonstrating that the digital trail we leave is being used by anti-abortion activists.
The good news is some states and tech companies are taking steps to better protect location data privacy, including information that endangers people needing or seeking information about reproductive and gender-affirming healthcare.
We know more must be done-by pharmacies, our email providers, and lawmakers-to plug gaping holes in location data protection.
Location data is highly sensitive, as it paints a picture of our daily lives-where we go, who we visit, when we seek medical care, or what clinics we visit.
That's what makes it so attractive to data brokers and law enforcement in states outlawing abortion and gender-affirming healthcare and those seeking to exploit such data for ideological or commercial purposes.
Sen. Ron Wyden recenty disclosed that vendor Near Intelligence allegedly gathered location data of people's visits to nearly 600 Planned Parenthood locations across 48 states, without consent.
The Wisconsin-based group used the geofenced data to send mobile ads to people who visited the clinics.
It's hardly a leap to imagine that law enforcement and bounty hunters in anti-abortion states would gladly buy the same data to find out who is visiting Planned Parenthood clinics and try to charge and imprison women, their families, doctors, and caregivers.
Police in Idaho, where abortion is illegal, used cell phone data in an investigation against an Idaho woman and her son charged with kidnapping.
The data showed that they had taken the son's minor girlfriend to Oregon, where abortion is legal, to obtain an abortion.
The exploitation of location data is not the only problem.
Exploitation of location and healthcare data to target communities could easily expand to other groups working to protect bodily autonomy, especially those most likely to suffer targeted harassment and bigotry.
With states passing and proposing bills restricting gender-affirming care and state law enforcement officials pursuing medical records of transgender youth across state lines, it's not hard to imagine them buying or using location data to find people to prosecute.
In 2022, California enacted two laws protecting abortion data privacy and preventing California companies from sharing abortion data with out-of-state entities.
Massachusetts lawmakers have proposed the Location Shield Act, which would prohibit the sale of cellphone location information to data brokers.
Of course, tech companies have a huge role to play in location data privacy.
A study by AccountableTech testing Google's pledge said the company wasn't living up to its promises and continued to collect and retain location data from individuals visiting abortion clinics.
Accountable Tech reran the study in late 2023 and the results were again troubling-Google still retained location search query data for some visits to Planned Parenthood clinics.
Users who want to keep the entries could choose to back up the data to the cloud, where it would be automatically encrypted and out of reach even to Google.
These changes would appear to make it much more difficult-if not impossible-for Google to provide mass location data in response to a geofence warrant, a change we've been asking Google to implement for years.
This Cyber News was published on www.eff.org. Publication date: Fri, 15 Mar 2024 18:43:05 +0000