16 Senators Push FTC: What Are You Doing to Protect Location Data of Women Seeking Abortions?

A group of 16 senators has written to the Federal Trade Commission looking for answers on what the agency will do to protect data of women and their health choices in the wake of likely changes to the legality of abortion. The letter comes in direct response to an investigation by Motherboard that found a company called SafeGraph was selling location data of people who visited Planned Parenthood facilities that provide abortion services and other family planning centers.

“We write to express serious concerns regarding recent reports identifying data brokers buying and selling location data that include personal data related to family planning and abortion services. We respectfully request additional information on what steps the Federal Trade Commission (FTC) is taking to ensure data brokers are not collecting, bing, or selling sensitive location data that put people, particularly those seeking medical attention, at risk,” the letter, signed by Sens. Amy Klobuchar, Tammy Baldwin, Kirsten Gillibrand, Catherine Cortez Masto, Dianne Feinstein, Mazie K. Hirono, Tammy Duckworth, Elizabeth Warren, Tina Smith, Cory A. Booker, Alex Padilla, Bernie Sanders,  Edward J. Markey, Mark R. Warner, Richard Blumenthal, and Richard J. Durbin, reads. 

Refinery29 first reported news of the letter (Refinery29 is owned by the same parent company as Motherboard).

As part of the investigation Motherboard purchased $160 worth of data from SafeGraph related to more than 600 Planned Parenthood clinics across the country. The data was aggregated, meaning it didn’t specify where an individual device moved to. But researchers have repeatedly warned about the possibilities of unmasking individuals in anonymized datasets, and, more pressingly, even aggregated data makes it possible to see if a certain clinic is receiving visitors from outside their state, information that could be used by law enforcement or vigilantes to target facilities.

“SafeGraph is going to be the weapon of choice for anti-choice radicals attempting to target ‘out-of-state clinics’ providing medical care,” Zach Edwards, a cybersecurity researcher who closely tracks the data-selling marketplace told Motherboard in an online chat at the time after reviewing the data. In the wake of Motherboard’s report, SafeGraph removed Planned Parenthood and family planning center data from public purchase. 

The senators’ letter adds that “additional measures need to be taken to protect personal data and ensure the privacy of women as they make decisions that should be between them and their doctors.” The senators then specifically asks the FTC what measures it is taking to ensure individuals have the right to review and remove their information online, and what assistance it will offer if their data is sold or is impacted in a breach; as well as what is the FTC to coordinate with the Department of Justice, states, and local authorities, health care providers, and private entities “to prevent data brokers and others from gaining access to the personal information and their healthcare decisions?”

Juliana Gruenwald Henderson, a spokesperson for the FTC, confirmed the agency had received the letter but did not provide further comment.

Motherboard has also reported that a second location-data provider called Placer.ai was selling similar data, and that a data marketplace called Narrative was selling information about who downloaded period tracking apps. Both companies removed access to the data after Motherboard contacted each company.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.