The team behind PlanCPills.org has clearly thought a lot about how to protect people who come to the site seeking information about where to find abortion pills online. Plan C, which was launched in 2015 by reproductive health experts, directs visitors to a legal helpline and warns them about the relevant laws in their state. It tests online pharmacies before recommending them and offers case studies of people who have been punished for taking abortion pills.
It also links to tools like Signal and Tor that people can use to keep their communications private, and it warns Plan C visitors of the risks of digital evidence being used against them. These resources are critical in the post-Roe reality, during which visits to the site have grown from a little over 54,000 visitors in March to more than 447,000 in May, when the Dobbs decision leaked.
But what those visitors probably don’t know is that, despite its precautions, Plan C is also sending some of that very digital evidence it warns about to third parties.
According to Johnny Lin, founder of the tracker blocking app Lockdown Privacy, Plan C's site contains trackers that transmit information to Facebook and Google, including visitors’ IP addresses, the URLs they’re browsing — which can contain the state in which they’re seeking abortions — and unique identifiers that are then used to optimize and retarget ads later on. Plan C discloses this, as well as the fact that it may share personal information in response to law enforcement requests, in its privacy policy. But that policy is, as with most privacy policies, buried at the bottom of the site where visitors are unlikely to see or read it.
Since Roe v. Wade was overturned, tech giants including Meta and Google have faced mounting questions about how they plan to protect user data in the wake of the decision. And rightly so. Text messages and Google searches have already been used to prosecute women in the U.S. accused of having abortions illegally. In response to this pressure, Google announced earlier this month that it would begin deleting location data linked to abortion clinics.
But Lin’s findings regarding Plan C suggest that even the most cautious organizations working to enable abortion access in the U.S. may need to rethink seemingly small decisions about how their websites function, the vendors they rely on and the data they collect and share. “My research should not be interpreted as a ham-fisted, ‘Hey, these websites are bad and run by bad people,’” Lin said. “They are just using the off-the-shelf tools that are fairly common. But the issue now that Roe has been overturned is: Do these off-the-shelf tools become more of a liability than a benefit?”
In a statement to Protocol, Plan C co-founder and digital director Amy Merrill said, “We know that digital privacy and security is a serious concern in the U.S. right now, as extremist politicians attempt to pass unjust laws that criminalize access points to safe abortion care. We at Plan C are concerned as well. We are responding to the situation and working with experts to shore up the digital privacy of visitors to our website.”
Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.
But these findings aren’t unique to the organization. Late last month, Lin made a similar discovery on Planned Parenthood’s site — albeit with even more data being shared. After The Washington Post published Lin’s findings, Planned Parenthood said it would remove marketing trackers from pages related to abortion searches and begin “engaging with Meta/Facebook and other technology companies about how their policies can better protect people seeking abortion care."
Meanwhile, Hey Jane, a telehealth site that provides abortion pills by mail in six states, also recently removed its user review section as well as Meta’s Pixel tracker from its site as the company determines “how to best mitigate potential risks to our patients and providers,” CEO Kiki Freedman told Protocol.
The truth is the web is blanketed with trackers. Some 75% of websites — including Protocol’s — use them. While privacy experts have expressed concern about third-party tracking for years and companies like Apple are working to limit it, the new abortion restrictions sweeping the country make the stakes of the sometimes squishy data privacy debate abundantly clear.
“The concern is real,” said Daly Barnett, staff technologist at the Electronic Frontier Foundation. “Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.”
That may be easier said than done for sites like Plan C that are already dealing with a seismic shift in the legal system and don’t have large in-house tech teams to focus on these concerns. Plan C was built with Webflow, a no-code web development tool that Lin warns may not take into account the sensitive nature of its clients’ businesses. “Obviously, the developers of this website have no malicious intent,” Lin said. “But by building websites with no-code tools like Webflow, developers may find that they are not only sacrificing customizability, but also privacy, in exchange for convenience and speed.”
Webflow chief marketing officer Shane Murphy-Reuter said in a statement that Webflow advises customers not to use its services for health data, and that in Plan C’s case, the company isn’t explicitly processing health data: It’s just directing visitors to other sites where they can actually procure pills. Still, Murphy-Reuter said Webflow “makes every effort” to minimize disclosure to law enforcement and government agencies and is updating its policies and controls “to reflect this new horrifying reality in which we all find ourselves.”
While any organization that collects user data in relation to abortion access is vulnerable to legal requests, sharing that data with third parties like Meta and Google can also expand the surface area of risk, said Cynthia Conti-Cook, a civil rights attorney and technology fellow at the Ford Foundation. “Data retention policies and how long that [data] is around is different for different types of organizations,” she said. “And the information can be much more easily accessed through companies like Meta.”
While Meta says it won’t fulfill overly broad legal requests, it does operate a portal for law enforcement. In some cases, both Google and Meta respond to emergency requests from law enforcement, even without a legal order, when they believe there’s a risk of imminent harm or death. Recently, Bloomberg reported that Meta and Apple handed over user data to hackers in response to a forged emergency request.
But while the privacy risk of sharing potentially sensitive data with third parties is clear for an organization like Plan C, so are the costs of opting out of the most basic types of digital marketing. After all, at a time when clinics are shutting down across the country, getting information out through digital ads is crucial. “It is critical for patients to be aware that telemedicine abortion services like Hey Jane exist as other care options are put under extreme strain,” Freedman said. “In fact, only one in four Americans know the abortion pill is a safe, legal, effective option for ending early pregnancies. We’ve found that the best way to reach people seeking out safe abortion care is via the channels they’re already on.”
Suggesting that sites like Hey Jane and Plan C forgo tools that just about every other company and organization uses in their marketing is “an impossible ask,” said Conti-Cook. “What people give up if they don’t have those types of website supports is they give up the ease with which people can find them,” she said.
And yet, web analytics and marketing tools that were routine just a few months ago are now “trip wires” in states where abortion is criminalized, Conti-Cook said.
There are ways that visitors can protect themselves from having their information collected. As Plan C notes in the digital security suggestions on its own site, there are private browsers and VPNs. “We have been advised that the best protection a person can give themselves is to secure their own data privacy and footprint,” Merrill of Plan C said in her statement. “We urge anyone concerned about their digital privacy to take steps directly on their devices to protect themselves.”
But these precautions put a burden on individuals that they shouldn’t have to bear, said Sara Geoghegan, a law fellow at the Electronic Privacy Information Center. “It shouldn’t be any individual person’s responsibility to protect their own data from data abuses,” she said. “But it is the unfortunate reality of our current legal landscape.”