Plan C is a top abortion pill resource. It’s also sharing data with Facebook and Google.

PlanCPills.org uses third-party ad trackers that convey sensitive information about people seeking abortion pills. Doing without them may be “an impossible ask.”

Protestors with abortion pill banner

Despite precautions, Plan C is sending some of that very digital evidence it warns about to third parties.

Photo: Chip Somodevilla/Getty Images

The team behind PlanCPills.org has clearly thought a lot about how to protect people who come to the site seeking information about where to find abortion pills online. Plan C, which was launched in 2015 by reproductive health experts, directs visitors to a legal helpline and warns them about the relevant laws in their state. It tests online pharmacies before recommending them and offers case studies of people who have been punished for taking abortion pills.

It also links to tools like Signal and Tor that people can use to keep their communications private, and it warns Plan C visitors of the risks of digital evidence being used against them. These resources are critical in the post-Roe reality, during which visits to the site have grown from a little over 54,000 visitors in March to more than 447,000 in May, when the Dobbs decision leaked.

But what those visitors probably don’t know is that, despite its precautions, Plan C is also sending some of that very digital evidence it warns about to third parties.

According to Johnny Lin, founder of the tracker blocking app Lockdown Privacy, Plan C's site contains trackers that transmit information to Facebook and Google, including visitors’ IP addresses, the URLs they’re browsing — which can contain the state in which they’re seeking abortions — and unique identifiers that are then used to optimize and retarget ads later on. Plan C discloses this, as well as the fact that it may share personal information in response to law enforcement requests, in its privacy policy. But that policy is, as with most privacy policies, buried at the bottom of the site where visitors are unlikely to see or read it.

Since Roe v. Wade was overturned, tech giants including Meta and Google have faced mounting questions about how they plan to protect user data in the wake of the decision. And rightly so. Text messages and Google searches have already been used to prosecute women in the U.S. accused of having abortions illegally. In response to this pressure, Google announced earlier this month that it would begin deleting location data linked to abortion clinics.

But Lin’s findings regarding Plan C suggest that even the most cautious organizations working to enable abortion access in the U.S. may need to rethink seemingly small decisions about how their websites function, the vendors they rely on and the data they collect and share. “My research should not be interpreted as a ham-fisted, ‘Hey, these websites are bad and run by bad people,’” Lin said. “They are just using the off-the-shelf tools that are fairly common. But the issue now that Roe has been overturned is: Do these off-the-shelf tools become more of a liability than a benefit?”

In a statement to Protocol, Plan C co-founder and digital director Amy Merrill said, “We know that digital privacy and security is a serious concern in the U.S. right now, as extremist politicians attempt to pass unjust laws that criminalize access points to safe abortion care. We at Plan C are concerned as well. We are responding to the situation and working with experts to shore up the digital privacy of visitors to our website.”

Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.

But these findings aren’t unique to the organization. Late last month, Lin made a similar discovery on Planned Parenthood’s site — albeit with even more data being shared. After The Washington Post published Lin’s findings, Planned Parenthood said it would remove marketing trackers from pages related to abortion searches and begin “engaging with Meta/Facebook and other technology companies about how their policies can better protect people seeking abortion care."

Meanwhile, Hey Jane, a telehealth site that provides abortion pills by mail in six states, also recently removed its user review section as well as Meta’s Pixel tracker from its site as the company determines “how to best mitigate potential risks to our patients and providers,” CEO Kiki Freedman told Protocol.

The truth is the web is blanketed with trackers. Some 75% of websites — including Protocol’s — use them. While privacy experts have expressed concern about third-party tracking for years and companies like Apple are working to limit it, the new abortion restrictions sweeping the country make the stakes of the sometimes squishy data privacy debate abundantly clear.

“The concern is real,” said Daly Barnett, staff technologist at the Electronic Frontier Foundation. “Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.”

That may be easier said than done for sites like Plan C that are already dealing with a seismic shift in the legal system and don’t have large in-house tech teams to focus on these concerns. Plan C was built with Webflow, a no-code web development tool that Lin warns may not take into account the sensitive nature of its clients’ businesses. “Obviously, the developers of this website have no malicious intent,” Lin said. “But by building websites with no-code tools like Webflow, developers may find that they are not only sacrificing customizability, but also privacy, in exchange for convenience and speed.”

Webflow chief marketing officer Shane Murphy-Reuter said in a statement that Webflow advises customers not to use its services for health data, and that in Plan C’s case, the company isn’t explicitly processing health data: It’s just directing visitors to other sites where they can actually procure pills. Still, Murphy-Reuter said Webflow “makes every effort” to minimize disclosure to law enforcement and government agencies and is updating its policies and controls “to reflect this new horrifying reality in which we all find ourselves.”

While any organization that collects user data in relation to abortion access is vulnerable to legal requests, sharing that data with third parties like Meta and Google can also expand the surface area of risk, said Cynthia Conti-Cook, a civil rights attorney and technology fellow at the Ford Foundation. “Data retention policies and how long that [data] is around is different for different types of organizations,” she said. “And the information can be much more easily accessed through companies like Meta.”

While Meta says it won’t fulfill overly broad legal requests, it does operate a portal for law enforcement. In some cases, both Google and Meta respond to emergency requests from law enforcement, even without a legal order, when they believe there’s a risk of imminent harm or death. Recently, Bloomberg reported that Meta and Apple handed over user data to hackers in response to a forged emergency request.

But while the privacy risk of sharing potentially sensitive data with third parties is clear for an organization like Plan C, so are the costs of opting out of the most basic types of digital marketing. After all, at a time when clinics are shutting down across the country, getting information out through digital ads is crucial. “It is critical for patients to be aware that telemedicine abortion services like Hey Jane exist as other care options are put under extreme strain,” Freedman said. “In fact, only one in four Americans know the abortion pill is a safe, legal, effective option for ending early pregnancies. We’ve found that the best way to reach people seeking out safe abortion care is via the channels they’re already on.”

Suggesting that sites like Hey Jane and Plan C forgo tools that just about every other company and organization uses in their marketing is “an impossible ask,” said Conti-Cook. “What people give up if they don’t have those types of website supports is they give up the ease with which people can find them,” she said.

And yet, web analytics and marketing tools that were routine just a few months ago are now “trip wires” in states where abortion is criminalized, Conti-Cook said.

There are ways that visitors can protect themselves from having their information collected. As Plan C notes in the digital security suggestions on its own site, there are private browsers and VPNs. “We have been advised that the best protection a person can give themselves is to secure their own data privacy and footprint,” Merrill of Plan C said in her statement. “We urge anyone concerned about their digital privacy to take steps directly on their devices to protect themselves.”

But these precautions put a burden on individuals that they shouldn’t have to bear, said Sara Geoghegan, a law fellow at the Electronic Privacy Information Center. “It shouldn’t be any individual person’s responsibility to protect their own data from data abuses,” she said. “But it is the unfortunate reality of our current legal landscape.”


Google TV will gain fitness tracker support, wireless audio features

A closer integration with fitness trackers is part of the company’s goal to make TVs a key pillar of the Android ecosystem.

Making TVs more capable comes with increasing hardware and software requirements, leading Google to advise its partners to build more-capable devices.

Photo: Google

Google wants TV viewers to get off the couch: The company is working on plans to closely integrate its Android TV platform with fitness trackers, which will allow developers to build interactive workout services for the living room.

Google representatives shared those plans at a closed-door partner event last month, where they painted them as part of the company’s “Better Together” efforts to build an ecosystem of closely integrated Android devices. As part of those efforts, Google is also looking to improve the way Android TV and Google TV devices work with third-party audio hardware. (Google launched Android TV as an Android-based smart TV platform in 2014; in 2020, it introduced Google TV as a more content-centric smart TV experience based on Android TV.)

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Sponsored Content

How Global ecommerce benefits American workers and the U.S. economy

New research shows Alibaba’s ecommerce platforms positively impact U.S. employment.

The U.S. business community and Chinese consumers are a powerful combination when it comes to American job creation. In addition to more jobs, the economic connection also delivers enhanced wages and a growing GDP contribution on U.S. soil, according to a recent study produced by NDP Analytics.

Alibaba — a leading global ecommerce company — is a particularly powerful engine in helping American businesses of every size sell goods to more than 1 billion consumers on its digital marketplaces in China. In 2020, U.S. companies completed more than $54 billion of sales to consumers in China through Alibaba’s online platforms.

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.

What the fate of 9 small tokens means for the crypto industry

The SEC says nine tokens in the Coinbase insider trading case are securities, but they are similar to many other tokens that are already trading on exchanges.

While a number of pieces of crypto legislation have been introduced in Congress, the SEC’s moves in court could become precedent until any legislation is passed or broader executive actions are made.

Illustration: Christopher T. Fong/Protocol

When the SEC accused a former Coinbase employee of insider trading last month, it specifically named nine cryptocurrencies as securities, potentially opening the door to regulation for the rest of the industry.

If a judge agrees with the SEC’s argument, many other similar tokens could be deemed securities — and the companies that trade them could be forced to be regulated as securities exchanges. When Ripple was sued by the SEC in late 2020, for example, Coinbase chose to suspend trading the token rather than risk drawing scrutiny from federal regulators. In this case, however, Coinbase says the nine tokens – seven of which trade on Coinbase — aren’t securities.

Keep Reading Show less
Tomio Geron

Tomio Geron ( @tomiogeron) is a San Francisco-based reporter covering fintech. He was previously a reporter and editor at The Wall Street Journal, covering venture capital and startups. Before that, he worked as a staff writer at Forbes, covering social media and venture capital, and also edited the Midas List of top tech investors. He has also worked at newspapers covering crime, courts, health and other topics. He can be reached at tgeron@protocol.com or tgeron@protonmail.com.


Werner Vogels: Enterprises are more daring than you might think

The longtime chief technology officer talked with Protocol about the AWS customers that first flocked to serverless, how AI and ML are making life easier for developers and his “primitives, not frameworks” stance.

"We knew that if cloud would really be effective, development would change radically."

Photo: Amazon

When AWS unveiled Lambda in 2014, Werner Vogels thought the serverless compute service would be the domain of young, more tech-savvy businesses.

But it was enterprises that flocked to serverless first, Amazon’s longtime chief technology officer told Protocol in an interview last week.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.


Dark money is trying to kill the Inflation Reduction Act from the left

A new campaign is using social media to target voters in progressive districts to ask their representatives to vote against the Inflation Reduction Act. But it appears to be linked to GOP operatives.

United for Clean Power's campaign is a symptom of how quickly and easily social media allows interest groups to reach a targeted audience.

Photo: Anna Moneymaker/Getty Images

The social media feeds of progressive voters have been bombarded by a series of ads this past week telling them to urge their Democratic representatives to vote against the Inflation Reduction Act.

The ads aren’t from the Sunrise Movement or other progressive climate stalwarts, though. Instead, they’re being pushed by United for Clean Power, a murky dark money operation that appears to have connections with Republican operatives.

Keep Reading Show less
Lisa Martine Jenkins

Lisa Martine Jenkins is a senior reporter at Protocol covering climate. Lisa previously wrote for Morning Consult, Chemical Watch and the Associated Press. Lisa is currently based in Brooklyn, and is originally from the Bay Area. Find her on Twitter ( @l_m_j_) or reach out via email (ljenkins@protocol.com).

Latest Stories