Facebook Enables Anti-Abortion Clinics to Collect Data on Would-Be Patients

Facebook collects sensitive data about abortion seekers. It then allows anti-abortion organisations to use that data to target and influence individuals online, in violation its own policies.

In the wake a leaked Supreme Court opinionThis could signal the end of national abortion protections, privacy experts are sounding alarms about all the ways people’s data trails could be used against them if some states criminalize abortion.

A joint investigation by RevealThe Center for Investigative Reporting The Markup found that the world’s largest social media platform is already collecting data about people who visit the websites of hundreds of crisis pregnancy centers, which are quasi-health clinics, mostly run by religiously aligned organizations whose mission is to persuade people to choose an option other than abortion.

Meta, Facebook’s parent company, prohibits websites and apps that use Facebook’s advertising technology from sending Facebook “sexual and reproductive health” data. After investigations by The Wall Street Journal2019 New York state regulatorsIn 2021, social media will be a major player created a machine-learning systemto detect sensitive health data and block data that contains any of the 70,000 terms related to health.

But Reveal and The Markup have found Facebook’s code on the websites of hundreds of anti-abortion clinics. Use BlacklightReveal used a Markup tool to detect cookies, keyloggers, and other types user-tracking technology on web sites. Reveal analysed the sites of nearly 2,500 crisis pregnancy centers – with data provided by the University of Georgia – and found that at least 294 shared visitor information with Facebook. In many cases, the information was extremely sensitive – for example, whether a person was considering abortion or looking to get a pregnancy test or emergency contraceptives.

In a statement Reveal The Markup, Facebook spokesperson Dale Hogan said: “It is against our policies for websites and apps to send sensitive information about people through our Business Tools,” which includes its advertising technology. “Our system is designed to filter out potentially sensitive data it detects, and we work to educate advertisers on how to properly set up our Business Tools.” Facebook declined to answer detailed questions about its filtering systems and policies on data from crisis pregnancy centers. It’s unknown whether the filters caught any of the data, but our investigation showed a significant amount made its way to Facebook.

Using Meta’s Privacy Center, we found that Facebook captured Reveal reporter Grace Oldham requesting an appointment at the Pregnancy Resource Center of Owasso in Oklahoma.
Using Meta’s Privacy Center, we found that Facebook captured Reveal reporter Grace Oldham requesting an appointment at the Pregnancy Resource Center of Owasso in Oklahoma.

More than a third of the websites sent data to Facebook when someone made an appointment for an “abortion consultation” or “pre-termination screening.” And at least 39 sites sent Facebook details such as the person’s name, email address or phone number.

Facebook tracks data from crisis pregnancy centers using a tool called the Meta PixelThe Pixel works regardless of whether someone is logged in to Facebook. The Pixel is largely an advertising tool that allows businesses to do things like buy Facebook ads targeted to people who have visited their website or to people who share similar interests or demographics with their site’s other visitors. The targeting of specific users is done automatically and the business doesn’t have access to any data. It’s not clearHow these data are used in the future

Businesses and crisis pregnancy centers can decide whether to install Pixel on the websites of their clients. However, many website builders and third party services embed trackers automatically. The Markup will be available for 2020. found that 30%Facebook claims that 80% of the 80,000 most visited sites use the ad tracking tool. millions of PixelsYou can find them on all kinds of websites. Facebook claims that Pixel data can be stored for years.

This personal data can be used in many ways. The centers can offer targeted advertising on Facebook or elsewhere that aims to deter individuals from having an unplanned pregnancy. It can be used to build anti-abortion ad campaigns – and spread misinformation about reproductive health – targeted at people with similar demographics and interests. In the worst-case scenario, experts in privacy think that the digital trail could even be used against abortion seekers in states that outlaw the procedure.

“I think this is going to be a wake-up call for millions of Americans about how much danger this tracking puts them in when laws change and people can weaponize these systems in ways that once seemed impossible,” said Albert Fox Cahn, founder and executive director of the New York-based Surveillance Technology Oversight Project.

Facebook and crisis pregnancy centers “are operating with virtually no rules,” he said.

Facebook has policies and filtersThey are supposed to protect sensitive personal data. But the platform’s filters have often proven to be porous against the vast amount of information they take in every day. The company is now requiring advertising clients to monitor the platform.

And Facebook does not have an incentive to crack down on violations of its advertising policies, said Serge Egelman, research director of the Usable Security & Privacy Group at UC Berkeley’s International Computer Science Institute. “That costs them money to do. As long as they’re not legally obligated to do so, why would they expend any resources to fix this?”

Using Data to Make Abortion “Unthinkable”

Crisis pregnancy centers market themselves as being in the “pregnancy resource” business, offering a range of free or low-cost services from pregnancy tests to baby clothing and “options consultations.” But their mission, articulated by Heartbeat International, the largest crisis pregnancy center network in the world, is far more sweeping: “to make abortion unwanted today and unthinkable for future generations.”

While many centers look like medical clinics, they are not licensed medical facilities. Consequently, most centers are not required to adhere to privacy protections that prevent the sharing of personal medical information, such as the federal Health Insurance Portability and Accountability Act (HIPAA).

Crisis pregnancy centers have become more sophisticated in targeting people through digital tools and infrastructure over the past few years. Heartbeat International, for instance, has developed a suite of products that can be used to help individual centers improve their online presence and digital advertising. These online tools allow the centers to build a community. highly personal informationYou can also share your medical history, as well as details about previous pregnancies, and even photos of ultrasounds, with anti-abortion partners.

Heartbeat International’s marketing page states that it is a “heartbeat organization”. data management system: “Big data is revolutionizing all sorts of industries. Why shouldn’t it do the same for a critical ministry like ours?”

When asked about Heartbeat International’s data-sharing practices, spokesperson Andrea Trudden said, “Heartbeat International encourages all pregnancy help organizations to utilize a variety of marketing to reach those seeking pregnancy help.” But, she said, “we do not require affiliates to provide such details to us.”

Also, crisis pregnancy centers have been known to spread misleading or false information about abortion, contraceptives, and other reproductive health topics via Facebook. The Center for Countering Digital Hate discovered that Facebook had displayed ads in 2021 promoting an unproven medical procedure called abortion pill reversal. as many as 18.4 million times. Many of those advertisements were linked to Heartbeat International’s Abortion Pill Rescue Network project, which did not respond to a request for comment.

How we tracked the data

Reveal reporter Grace Oldham created in late April a new Facebook account to test how Facebook and crisis pregnant centers use the data that the Pixel collects. After logging in to Facebook, she visited 294 crisis pregnancy centers websites Blacklight had found to have a Pixel. She then filled out appointment request forms on each site. Oldham did the research in a clean browser that had cleared its cache.

In early May, she and Reveal data reporter Dhruv Mehrotra used Meta’s Privacy CenterTo downloadReview the data from the clean Facebook account. They found that Facebook retained data about Oldham’s interactions with 88% of those crisis pregnancy center websites, linking her behavior to her Facebook profile. Facebook knew Oldham had made an appointment at the Pregnancy Resource Center in Owasso, Oklahoma. That state’s Republican governor, Kevin Stitt, signed a lawIn May, the Owasso center banned virtually all abortions at the point of fertilization. It took effect immediately. The Owasso center did not respond to a request for comment, but after we reached out, Facebook’s tracking Pixel was removed from every page on the center’s website.

Our analysis showed that in states that will ban most or all abortionsAt least 120 crisis pregnancy centres sent data about their website visitors to Facebook in the event Roe V. Wade is overturned. Tennessee is one example. Human Life Protection Act is poised to outlaw abortion statewide, Facebook retained data from Oldham’s interactions with 11 centers. Next Steps Resources in Dunlap provided data to Facebook about every page Oldham visited on its website. Facebook stored this data and knew Oldham had submitted an appointment request to the center. Next Steps’ executive director, Debbie Chandler, told Reveal The Markup that the people she hired to manage her website and marketing disagreed that “any private information was being sent to Facebook.”

An appointment request form on the website of Next Steps Resources, a crisis pregnancy center in Dunlap, Tennessee.
Next Steps Resources has an appointment request form available on their website. They are a crisis pregnancy center located in Dunlap, Tennessee.

We also found that anti-abortion marketing companies gained access to some of Oldham’s Pixel data, even though she never interacted with their websites. These included Choose Life Marketing, whose website claims to help crisis pregnancy centers develop digital strategies to “reach more abortion-minded women,” and Stories Marketing, a social media marketing company for “pregnancy centers and life-affirming organizations.” Those organizations also added Oldham’s Facebook profile to customHer audience can be targeted by ads for their services and anti-abortion messages. Stories Marketing and Choose Life Marketing have not responded to our requests for comment.

The marketing companies explain why Facebook plays an important part in their digital strategy through their online materials. “Facebook ads have the highest return on investment (ROI) of any type of online marketing – even twice the ROI of Google Ads,” Stories Marketing says, adding: “Facebook ads can also be placed on Instagram and other apps for free, extending your reach at no extra cost.” According to Choose Life: “Retargeting is an effective method of keeping your center at the forefront of their minds. … This digital marketing method can also help build credibility and trust as women go through the decision-making process because your center’s name becomes familiar to them.”

Our first analysis was conducted in February. In May, we repeated the process using the same methodology. Both analyses produced similar results. As of Tuesday, Facebook still had data about Oldham’s interactions on crisis pregnancy center websites.

Abortion Data Collection “Ripe for Abuse”

Cahn, from the Surveillance Technology Oversight Project expressed concern about how law enforcement agencies could use Facebook to locate people seeking abortions in the event that the procedure becomes illegal in certain states. “It’s ripe for abuse,” he said of Facebook’s data collection. “It seems indefensible to me that we are allowing companies to have so much power to expose our most intimate moments to these platforms and have them use it against us.”

Law enforcement agencies have been hammering tech companies like Uber and Google with a variety of charges in recent years. demands for user data. Often, these legal requests don’t target individual suspects but instead compel the company to divulge data about people in a particular place or searches using specific keywords. The most recent data is from Facebook’s Transparency CenterThe company received almost 60,000. Government requests for data were made between July 2021 and December 2021. 88% of these requests were fulfilled.

Although crisis pregnancy centers could provide law enforcement with data about anyone who had voluntarily provided personal information, they probably don’t have the technology to disclose specific information about individuals who had merely visited their websites. Facebook is different. Because the social media company can link activity on a crisis pregnancy center site to an individual’s profile, Facebook is in a much better position to divulge granular data about the center’s website visitors than the center itself.

In 2018, a criminal case involved data from search engine history. a Mississippi woman was indictedFor second-degree murder in the aftermath of a home pregnancy loss. The evidence included internet searches the woman had allegedly conducted for how to “buy Misoprostol abortion pill online.” The charges eventually were dropped.

“There’s nothing to stop police from using Facebook ad-targeting data the same way they’ve been using Google’s data, as a mass digital dragnet,” Cahn said.

Laura Lazaro Cabrera (a London-based lawyer) Privacy InternationalAccording to, even metadata (such as URL titles or webpage titles) can be very informative. “Think about what you can learn from a URL that says something about scheduling an abortion,” she said. “Facebook is in the business of developing algorithms. They know what sorts of information can act as a proxy for personal data.”

Fixing the Problem with Facebook

Privacy experts have been warning for years that Facebook’s laissez-faire attitude toward how clients use its advertising technology is vulnerable to exploitation. After The Wall Street JournalNew York state regulators exposed the way that Facebook collected sensitive user information from popular health apps that track everything from heart rates and menstrual cycles. Facebook claimed to have sophisticated filtering mechanisms in place to prevent it taking in sensitive data. According to the Journal, the filters were supposed to block “70,000 terms related to topics such as sexual health and medical conditions.”

But our investigation found that Facebook has continued to ingest data from webpages with obvious sexual health information – including ones with URLs that include phrases such as “post-abortion,” “i-think-im-pregnant” and “abortion-pill.”

Despite Facebook’s official policy prohibiting websites from sending it sensitive health information, it’s unclear what, if anything, the platform does to educate its advertising clients about the policy and proactively enforce it.

Facebook could use its existing filters to stop anti-abortion groups from using its ad technology. Or it could discontinue the Pixel tool altogether. But the reality, said Egelman of UC Berkeley, is that the company’s $115 billion a yearAdvertising revenue creates a financial disincentive to block user data.

“This is their business. The more data they get, the more targeted advertising they can do, and that’s the gravy train for them: targeted ads,” he said. “If they’re proactive about cutting off sites like that, it impacts their revenue in multiple ways.”

Egelman believes that public pressure and tough legislation are the best ways to fix the situation, even if Facebook does not take action. That’s what happened last year, when critical backlash prompted Meta-owned Instagram to shelve its plans for a kids’ version of its social media software.

Although there is no federal data privacy legislation in the United States, it does exist. draft of a bill called the American Data Privacy and Protection Act was released in early June that, if passed, could increase the Federal Trade Commission’s power to regulate and enforce how companies can use sensitive health data. It is up to the state legislatures to pass consumer privacy protections until then.

Brandie Nonnecke was the founding director of CITRIS Policy Lab at UC Berkeley. Digital Services Act. The new guidelines, which are currently awaiting formal approval from the European Parliament and EU Council will require large online platforms like Facebook and search engines to proactive identify ways their systems can be misused and create strategies to prevent it.

“We’re not in a place where there is robust enough transparency and accountability on these data ecosystems and how they’re being used,” she said, “and especially the vulnerabilities to individuals.”

This story was written by Surya Mattu and Byard Duncan. It was edited by Nina Martin and Soo Oh, Rina Patela, Andrew Donohue, and Nikki Frick.

This story was created by RevealThe Center for Investigative Reporting is a non-profit news organization. Learn more at revealnews.orgSubscribe to their weekly newsletter revealnews.org/newsletter.