Third-Party Tracking on Abortion Clinic Websites Sparks Data Privacy Concerns

September 13, 2022 - Researchers discovered third-party tracking tools on the majority of analyzed abortion clinic websites, raising data privacy concerns, according to a research letter published in JAMA Internal Medicine.

Although tracking tools are commonplace on the internet, the Supreme Court’s decision in Dobbs raised significant concerns over the confidentiality of abortion-related data, which some fear could be used to incriminate people who obtain abortions. Sharing data with third-party entities that may not hold themselves to the same strict privacy standards potentially puts that data at risk.

The researchers analyzed 414 abortion clinics and 244 unique web pages (since some clinics shared common web pages) based on the National Abortion Federation clinic list. After accounting for broken links, researchers narrowed in on 223 accessible web pages, 221 of which included a third-party data transfer. Additionally, 69 percent of pages included a third-party cookie.

Researchers detected data transfers to 290 unique third-party domains owned by just 66 parent entities. Google and Meta topped the list of the most prevalent tracking entities on abortion clinic web pages. The data transfers typically included a user’s IP address and the web page that was visited.

“This code is installed by website maintainers, typically to add functionality, such as advertisement campaign monitoring or social media linkage,” the research letter stated.

“However, such code may allow advertisers, social media companies, and other entities to record when someone visits an abortion clinic’s website and how they navigate that site. Routinely linked with other data, this browsing history could contribute to evidence that someone has sought an abortion.”

This data alone is not enough evidence that a person obtained an abortion, and the presence of a tracker on any website is not inherently malicious. However, now that the stakes are higher in regard to abortion data, it is more imperative than ever that sensitive data stay out of the wrong hands.

“To protect patient privacy, abortion clinics should audit their websites to identify and remove third-party trackers. Browsing data are not protected under the Health Insurance Portability and Accountability Act; those seeking abortions should follow US Department of Health and Human Services guidance to protect their privacy by installing tracking-blocking browser extensions and adjusting privacy settings on browsers and smartphones,” the research letter suggested.

The findings highlighted the importance of third-party risk management and further underscored the need to safeguard health information.