Since the Supreme Court’s reversal of Roe v. Wade in June, location data firms, , and have been facing increased scrutiny from Congress for trading in sensitive user data that could indicate when someone is seeking an abortion. app developers online abortion pill providers The Markup has found that location data company INRIX, which collects, analyzes, and sells aggregated vehicle, traffic, and parking data includes Planned Parenthood clinics in its . INRIX IQ Location Analytics dashboard Using a free trial of the product, The Markup was able to locate at least 71 Planned Parenthood clinics in dozens of states. INRIX is a major, established mobility data company that has been in business for 17 years. It lists the U.S. Federal Highway Administration, Microsoft, the Los Angeles Department of Transportation, BMW, Zillow, and IBM among its clients. The Markup’s findings follow recent reports by Motherboard identifying two other location data firms— and —that also included Planned Parenthood visitor data in their similar dashboard products. Both companies have since removed that data. Safegraph Placer.AI Mark Daymond, the CTO and data protection officer at INRIX told The Markup in an email, “INRIX receives anonymized data and further de-identifies it then aggregates that data. Identities of individuals are irrelevant for our business.” The free version of INRIX’s Location Analytics dashboard listed only the address, hours, and average annual daily traffic counts on nearby streets for each clinic, but the paid version shows more detailed statistics for sample points of interests in its database, including demographic and ethnic breakdowns of visitors, visitor counts by hour and day, aggregated heat maps of the origins and destinations for visitors, and drive times to and from the business location. The Planned Parenthood locations remained in the INRIX dashboard after we contacted the company, and were still there hours before publication of this story. Planned Parenthood did not immediately respond to a request for comment. Daymond said the approach INRIX takes to limit detail on the maps protects users from being identified. “Location Analytics only displays results down to the census block group level. We source data from a variety of map providers whose information is commercially available,” he said. With the legal landscape changing rapidly since Dobbs v. Jackson triggered more restrictive abortion laws, people seeking the procedure face increased risks to their privacy, and many technology companies have been racing to respond. Anti-abortion activists have used tools built by the location data industry, , to dissuade abortion-seeking patients with targeted ads. Now, the stakes are higher as nine states have criminalized the procedure. such as geofencing Scrutiny from Congress Some Democratic lawmakers are demanding action. Following reports by Motherboard, 14 Democratic senators to location data companies Safegraph and Placer.AI seeking details about their data collection and asking them to cease including abortion clinics. sent letters and have removed the clinics and other sensitive locations from their databases following the Motherboard reports. On July 1, Google when a user visits an abortion provider, fertility center, or other sensitive location. Safegraph Placer.AI pledged to erase visitor location data Last week, the location data companies Placer.AI, Safegraph, Babel Street, X-Mode (Outlogic), Gravy Analytics, and five reproductive health app developers and , the sources of their location data, and all data partnerships as part of an investigation into abortion and reproductive health patient data privacy. House Oversight Committee contacted asked them to disclose their data collection practices “This is a great example of how comprehensive privacy laws need to be put in place that restrict the collection of that kind of data that can be weaponized against users by fingerprinting, identifying them, and selling that sort of behavioral data or identifying data to anyone that wants it, law enforcement or otherwise,” said Daly Barnett, a staff technologist at the Electronic Frontier Foundation. Location Analytics Dashboards INRIX, a privately held company based in Kirkland, Wash., offers parking, traffic, and aggregated location data to transportation agencies, car manufacturers, and software developers. In a brochure for its “Vehicle Trips” product, the company boasts that its data “ ” and 36 billion “real-time data points” each day, with updates as frequent as every three seconds. captures over 150 million anonymous trips Location data companies like INRIX, Placer.AI, and Safegraph offer similar products: an easy-to-use dashboard where users can quickly analyze foot and vehicle traffic to millions of retail businesses, highlighting patterns in visits with charts and maps and tools to compare competing businesses. One of the sample locations The Markup was able to explore was a chicken sandwich restaurant in New Jersey. Such data is extremely valuable for city planners, retail businesses, and commercial real estate and private equity firms. The data powering these aggregated insights comes from multiple sources, , connected vehicles, traffic sensors, and data purchased from other brokers. including mobile phone apps While tracking the aggregate number of people visiting a chicken sandwich shop seems innocent enough, when people are seeking an abortion, the privacy risks change drastically. Some location data companies have recognized the risks of including sensitive locations like doctors’ offices and houses of worship. For example, location intelligence firm Cuebiq publishes a public “ ” policy defining the types of locations it excludes to protect the privacy of the users in its datasets. Sensitive Points of Interest Data Partners INRIX’s states that it collects personal data from third-party sources, including “[d]ata brokers from which we purchase data to supplement the data we collect,” though it does not disclose the identity of any of its partners. privacy policy The data that powers the dashboard we used contains clues to the source of INRIX’s points of interest (POI) data. We observed the autocomplete function on INRIX’s dashboard to the API for location data company HERE, which provides location results for a boundary specified by the map coordinates. making a call There also appears to be a HERE-provided unique ID for each location in the data. HERE spokesperson Kasey Farrar told The Markup in an email that the company “… maintains robust ‘privacy by design’ data practices with strict terms and conditions for data usage by customers. HERE does not collect origin-destination data of individuals.” Farrar noted the company’s “ ” which details some of the specific measures taken to protect user privacy. privacy charter, The business review site Yelp also makes an appearance in the POI data. Yelp is listed as the “supplier” within the data powering INRIX’s dashboard. Yelp spokesperson Julianne Rowe said that the company does not have a partnership with INRIX and that businesses “can obtain Yelp content and data through our free API or from an approved partner.” She noted that the business location, hours, and contact information are all publicly available, including on Planned Parenthood’s website. There are several categories assigned to the Planned Parenthood locations we found on INRIX. Categories included “Medical Services/Clinics,” “Hospital or Health Care Facility,” and “Consumer Services.” While most of the data we could see on INRIX’s dashboard appeared to be aggregated, risks do remain for users. Many companies in the highlight that user privacy is protected, due to the fact that they only sell aggregated data, such as a certain number of people visiting a particular business during a specific week. multibillion-dollar location data industry Daymond said INRIX does not sell data that is tied to individual users. “INRIX is not a data broker…. We don’t store personal identifiers that can be tied back to an individual to help ensure no personal data is discovered.” On the industry-wide use of aggregated data to protect user privacy, EFF’s Barnett said that even aggregated data carries risks for user privacy, and individuals . can still be identified in some circumstances INRIX’s Daymond said, “Our terms of use explicitly prohibit our customers from using our products in a way that violates laws and regulations.” While business location and visitor traffic may seem innocuous, Barnett said, the context matters. “These seemingly … observed-in-a-vacuum, harmless datasets don’t exist in vacuums. They can be snowballed together too.” Written By Jon Keegan Also published here Photo by on Alina Grubnyak Unsplash

Every dollar you donate helps support The Markup’s work.

Too Long; Didn't Read

In your car, at home, or at work — Bosch technology shapes many areas of life.

Your Planned Parenthood Data Is Being Collected, Analyzed, and Sold

Too Long; Didn't Read

People Mentioned

The Markup

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

Your Planned Parenthood Data Is Being Collected, Analyzed, and Sold

Too Long; Didn't Read

People Mentioned

The Markup

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES