EXECUTIVE SUMMARY
Since Roe v. Wade was overturned in June 2022, states have been given the authority to criminalize abortion access within their borders. As of November 1, 2022, abortion care is fully banned in 13 states.[1] With states already prosecuting people seeking abortions, Big Tech’s data collection and retention practices now threaten the personal liberties of many Americans.[2]
On July 1, 2022, Google announced a policy change to delete data entries from location history[3] soon after users visit certain sensitive locations including abortion clinics. In the months after Google’s policy change, Accountable Tech tested Google’s updated policies by visiting abortion clinics in different states with Android phones. Based on our experiments and research, Accountable Tech found that Google is still retaining location search queries by default, and location history for users who have it turned on – including for reproductive care facilities – despite their promise to begin deleting it.
According to Google’s own transparency report, in the second half of 2021, the company received 18,037 subpoenas and 23,924 search warrants for user information. It’s reasonable to expect that prosecutors in states where abortion is illegal may already be making requests for personal data from Google in order to prosecute those seeking reproductive care in the United States. Additionally, a family member, hacker, or abusive partner could access or log into a user’s Google account and turn this data over to state authorities.
It has been four months since Google announced their policy change to protect people’s privacy on health topics. Google’s failure to enact their own policy change endangers those seeking abortions today.
BACKGROUND
In May 2022, before the Supreme Court’s decision, Accountable Tech organized a grassroots petition with a coalition of organizations calling on Google to stop collecting and retaining Android users’ location data for the danger it could pose to the safety of abortion seekers if the Supreme Court overturned Roe v. Wade.
A week after the Supreme Court handed down the Dobbs decision, Google announced a policy change, saying they would delete the data of users who visited sensitive locations including “medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others.” Google’s policy update went on to state: “Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.”
Notably, Google’s policy update evaded crucial details including: what constitutes a “particularly personal” location, how they will identify which locations trigger automatic data deletion, and whether Google will retain backups of location histories. In response, Accountable Tech organized an open letter to Google, joined by 15 leading privacy and healthcare partner organizations, asking these questions and more of Google’s leadership.
Three weeks after Google’s policy update, the Tech Transparency Project (TTP) conducted research that made it clear there were still gaps in Google’s location data retention practices.[4] Two months after the release of TTP’s report, Accountable Tech sought to test if Google had implemented any of the changes from the July 1 policy update. Their timeline for implementing the policy was ambiguous: “in the coming weeks.” As a result, we were curious whether, eight weeks after their policy update, Google had made any significant changes to their location data collection and retention practices for those seeking abortion care.
TESTING GOOGLE’S LOCATION HISTORY POLICIES
EXPERIMENT 1: Traveling from Cleveland, Ohio to a Planned Parenthood in Pittsburgh, Pennsylvania
On August 17, an Accountable Tech staff member set up a new, unused Android phone. She created a new test Google account and accepted all default privacy settings.
With this phone, she then traveled from Cleveland, Ohio to a Planned Parenthood in Pittsburgh, Pennsylvania. At the time of this experiment, abortion was illegal after the 6th week of pregnancy in Ohio[5] and remained legal until the 23rd week in Pennsylvania. After arriving in Pittsburgh, on August 18, she used Google Maps to direct her from her hotel to a Planned Parenthood down the street.
Thirty days later, she logged into the test Google account online to see what data had been stored from her journey. On her desktop, she navigated to “activity controls,” a feature that allows users to see what data is being collected and stored about them. Specifically, in “web and app activity” more than 30 days after she completed this test, she found the following Google Maps search query data stored on her account:
Google’s July 1 policy update claimed they would “delete these entries from location history soon after they visit,” but did not mention data storage for location search queries on Google Maps.
A search for a reproductive care facility could be used to prosecute those seeking reproductive care in states that have banned abortions. This experiment revealed that location search queries for a Planned Parenthood in Pittsburgh, Pennsylvania were collected and retained by Google for at least two months after they were generated. Google’s default privacy settings store these entries for 18 months. The sheer volume of data in Google’s hands provides significant possible incriminating evidence for state governments to prosecute those seeking reproductive care.
EXPERIMENT 2: Enabling location history to travel to Planned Parenthoods in Los Angeles, California
While Google noted in the policy update on July 1 that location history is off by default, in 2018, location history was still on by default, meaning users would need to actively opt out of having their activity stored. An AP investigation from the summer of 2018 showed that Google recorded user locations even if they had turned off the location history function.[6] Some time shortly after that report came out, Google made location history an opt-in feature. However, Android users who have had a Google Account for a long time are more likely to have this feature enabled without even realizing it.
Even though Google’s current location history policy states that an Android user needs to opt in to have the location history feature enabled on their account, there are still some scenarios in which a user might be prompted to enable it. According to a 2019 article from USA Today, “Google Maps has a service called ‘Match,’ which suggests restaurants based on your past dining experiences and tastes. If you click on it, Google sends you to Settings to allow Location History tracking. Google also routes people to turn on Location History in exchange for ‘real-time traffic updates based on your current location’ or with Google Photos to ‘help improve auto-organization and search.’” So, even if a Google user hasn’t consciously opted into location history, they may have unknowingly enabled the feature to access certain Google services.
Building on our first experiment, with this second experiment, we sought to answer two key questions:
- Had Google actually made the updates to their location history function that they promised (deleting the data of users who visit sensitive locations)?
- What kinds of data do they collect and retain from users who do have the location history function enabled?
We set up a new, unopened Android phone and accepted all default settings. This time, however, on the test Google account we had set up for this experiment, we enabled the location history feature (found under “activity controls” and “enable location history”).
On October 7, traveling to a Planned Parenthood location in Los Angeles, California, our test Google account recorded the following:
On October 11, we drove to a different Planned Parenthood location in Los Angeles. This is the data that was recorded shortly after:
Neither of these trips recorded the exact address of a Planned Parenthood, but the route does show the approximate location of the vehicle near a facility. And, Google even offers Planned Parenthood as a “suggested location” where the user might be.
Google doesn’t make it easy to figure out when a user might be prompted to enable the location history function. But, if a user does happen to have it enabled, it’s clear that Google is collecting data that could be incriminating. As of the publication of this report, Google still retains the location data for these trips to Planned Parenthoods in Los Angeles, California.
While our first experiment revealed that Google was collecting and retaining location search queries of reproductive care facilities, our second experiment confirmed that Google is still collecting and retaining location data for sensitive locations including abortion clinics for users when location history is enabled. Based on our experiments and research, Google is actively failing to meet their policy update from July to “delete these entries from Location History soon after they visit.”
CONCLUSION
By retaining both location search query and location history data, Google jeopardizes the health, safety, and legal status of their users who visit reproductive care facilities in states where abortion is criminalized. If prosecutors in a state with a restrictive abortion law receive a tip about someone seeking an abortion, a subpoena would likely force Google to hand over this sensitive data.
However, Google can stop this practice of unnecessarily collecting and retaining user location data – and start protecting the privacy of their users. Rather than serving as a steward of responsible data collection, Google has failed to enact their own policy update, offering only a meek statement aimed at bolstering their public image rather than defending the safety of their users.
Based on our experiments and research, it is clear: Google’s negligent policies actively endanger those seeking abortions. However, Google’s collection and retention of location search queries and location history data are still just the tip of the iceberg of a much more pervasive and dangerous business model of surveillance advertising, whereby Big Tech companies like Google are incentivized to collect as much data on users as possible to hook users and sell to advertisers.
Google should immediately take steps to confine the data they collect to only what is necessary to provide the service the user requests, minimize data retention, and ensure the data is securely encrypted. They must do everything they can to serve as a responsible steward of personal data to protect reproductive rights and digital privacy.
1. According to the New York Times, abortions are fully restricted in 13 states: Alabama, Arkansas, Idaho, Kentucky, Louisiana, Mississippi, Missouri, Oklahoma, South Dakota, Tennessee, Texas, West Virginia, and Wisconsin, with partial restrictions in place for another five states as of November 1, 2022.
2. According to VICE, Facebook handed over direct messages from a Nebraska teenager to state authorities seeking to prosecute her for having an abortion this past summer after the Supreme Court overturned Roe v. Wade.
3. According to Google, “Location History is a Google Account–level setting that saves where you go with every mobile device where 1) you’re signed in to your Google Account, 2) you have turned on Location History, and 3) the device has Location Reporting turned on.”
4. TTP modeled a scenario in which a perpetrator might log in to the Google Play Store on someone else’s phone (a victim). They set up two Google accounts – on two new and previously unopened Android smartphones. One phone was designated as the “victim” and the other as the “perpetrator.” On the victim’s phone, TTP logged in to the perpetrator’s Google Play account and downloaded some apps. TTP found that the perpetrator was able to see the location of the victim’s phone during and after travel to a variety of locations, including a D.C. Planned Parenthood clinic that provides abortions.
5. As of early October 2022, abortion is now legal until 22 weeks of pregnancy in Ohio since a judge struck down the six-week ban according to the New York Times.
6. In October 2022, Google settled an $85 million data suit from the Arizona Attorney General’s office over the way the tech giant used customers’ location data.