Plan C is a top abortion pill resource. It’s also sharing data with Facebook and Google.

PlanCPills.org uses third-party ad trackers that convey sensitive information about people seeking abortion pills. Doing without them may be “an impossible ask.”

Protestors with abortion pill banner

Despite precautions, Plan C is sending some of that very digital evidence it warns about to third parties.

Photo: Chip Somodevilla/Getty Images

The team behind PlanCPills.org has clearly thought a lot about how to protect people who come to the site seeking information about where to find abortion pills online. Plan C, which was launched in 2015 by reproductive health experts, directs visitors to a legal helpline and warns them about the relevant laws in their state. It tests online pharmacies before recommending them and offers case studies of people who have been punished for taking abortion pills.

It also links to tools like Signal and Tor that people can use to keep their communications private, and it warns Plan C visitors of the risks of digital evidence being used against them. These resources are critical in the post-Roe reality, during which visits to the site have grown from a little over 54,000 visitors in March to more than 447,000 in May, when the Dobbs decision leaked.

But what those visitors probably don’t know is that, despite its precautions, Plan C is also sending some of that very digital evidence it warns about to third parties.

According to Johnny Lin, founder of the tracker blocking app Lockdown Privacy, Plan C's site contains trackers that transmit information to Facebook and Google, including visitors’ IP addresses, the URLs they’re browsing — which can contain the state in which they’re seeking abortions — and unique identifiers that are then used to optimize and retarget ads later on. Plan C discloses this, as well as the fact that it may share personal information in response to law enforcement requests, in its privacy policy. But that policy is, as with most privacy policies, buried at the bottom of the site where visitors are unlikely to see or read it.

Since Roe v. Wade was overturned, tech giants including Meta and Google have faced mounting questions about how they plan to protect user data in the wake of the decision. And rightly so. Text messages and Google searches have already been used to prosecute women in the U.S. accused of having abortions illegally. In response to this pressure, Google announced earlier this month that it would begin deleting location data linked to abortion clinics.

But Lin’s findings regarding Plan C suggest that even the most cautious organizations working to enable abortion access in the U.S. may need to rethink seemingly small decisions about how their websites function, the vendors they rely on and the data they collect and share. “My research should not be interpreted as a ham-fisted, ‘Hey, these websites are bad and run by bad people,’” Lin said. “They are just using the off-the-shelf tools that are fairly common. But the issue now that Roe has been overturned is: Do these off-the-shelf tools become more of a liability than a benefit?”

In a statement to Protocol, Plan C co-founder and digital director Amy Merrill said, “We know that digital privacy and security is a serious concern in the U.S. right now, as extremist politicians attempt to pass unjust laws that criminalize access points to safe abortion care. We at Plan C are concerned as well. We are responding to the situation and working with experts to shore up the digital privacy of visitors to our website.”

Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.

But these findings aren’t unique to the organization. Late last month, Lin made a similar discovery on Planned Parenthood’s site — albeit with even more data being shared. After The Washington Post published Lin’s findings, Planned Parenthood said it would remove marketing trackers from pages related to abortion searches and begin “engaging with Meta/Facebook and other technology companies about how their policies can better protect people seeking abortion care."

Meanwhile, Hey Jane, a telehealth site that provides abortion pills by mail in six states, also recently removed its user review section as well as Meta’s Pixel tracker from its site as the company determines “how to best mitigate potential risks to our patients and providers,” CEO Kiki Freedman told Protocol.

The truth is the web is blanketed with trackers. Some 75% of websites — including Protocol’s — use them. While privacy experts have expressed concern about third-party tracking for years and companies like Apple are working to limit it, the new abortion restrictions sweeping the country make the stakes of the sometimes squishy data privacy debate abundantly clear.

“The concern is real,” said Daly Barnett, staff technologist at the Electronic Frontier Foundation. “Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.”

That may be easier said than done for sites like Plan C that are already dealing with a seismic shift in the legal system and don’t have large in-house tech teams to focus on these concerns. Plan C was built with Webflow, a no-code web development tool that Lin warns may not take into account the sensitive nature of its clients’ businesses. “Obviously, the developers of this website have no malicious intent,” Lin said. “But by building websites with no-code tools like Webflow, developers may find that they are not only sacrificing customizability, but also privacy, in exchange for convenience and speed.”

Webflow chief marketing officer Shane Murphy-Reuter said in a statement that Webflow advises customers not to use its services for health data, and that in Plan C’s case, the company isn’t explicitly processing health data: It’s just directing visitors to other sites where they can actually procure pills. Still, Murphy-Reuter said Webflow “makes every effort” to minimize disclosure to law enforcement and government agencies and is updating its policies and controls “to reflect this new horrifying reality in which we all find ourselves.”

While any organization that collects user data in relation to abortion access is vulnerable to legal requests, sharing that data with third parties like Meta and Google can also expand the surface area of risk, said Cynthia Conti-Cook, a civil rights attorney and technology fellow at the Ford Foundation. “Data retention policies and how long that [data] is around is different for different types of organizations,” she said. “And the information can be much more easily accessed through companies like Meta.”

While Meta says it won’t fulfill overly broad legal requests, it does operate a portal for law enforcement. In some cases, both Google and Meta respond to emergency requests from law enforcement, even without a legal order, when they believe there’s a risk of imminent harm or death. Recently, Bloomberg reported that Meta and Apple handed over user data to hackers in response to a forged emergency request.

But while the privacy risk of sharing potentially sensitive data with third parties is clear for an organization like Plan C, so are the costs of opting out of the most basic types of digital marketing. After all, at a time when clinics are shutting down across the country, getting information out through digital ads is crucial. “It is critical for patients to be aware that telemedicine abortion services like Hey Jane exist as other care options are put under extreme strain,” Freedman said. “In fact, only one in four Americans know the abortion pill is a safe, legal, effective option for ending early pregnancies. We’ve found that the best way to reach people seeking out safe abortion care is via the channels they’re already on.”

Suggesting that sites like Hey Jane and Plan C forgo tools that just about every other company and organization uses in their marketing is “an impossible ask,” said Conti-Cook. “What people give up if they don’t have those types of website supports is they give up the ease with which people can find them,” she said.

And yet, web analytics and marketing tools that were routine just a few months ago are now “trip wires” in states where abortion is criminalized, Conti-Cook said.

There are ways that visitors can protect themselves from having their information collected. As Plan C notes in the digital security suggestions on its own site, there are private browsers and VPNs. “We have been advised that the best protection a person can give themselves is to secure their own data privacy and footprint,” Merrill of Plan C said in her statement. “We urge anyone concerned about their digital privacy to take steps directly on their devices to protect themselves.”

But these precautions put a burden on individuals that they shouldn’t have to bear, said Sara Geoghegan, a law fellow at the Electronic Privacy Information Center. “It shouldn’t be any individual person’s responsibility to protect their own data from data abuses,” she said. “But it is the unfortunate reality of our current legal landscape.”


Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories