Exclusive: a study shows the company has a long way to go in upholding its pledge to protect users
Google responds to tens of thousands of requests each year from law enforcement agencies seeking access to the vast troves of data collected on its users. In one six-month period in 2021, the most recent data publicly available, Google received nearly 47,000 law enforcement requests, affecting more than 100,000 accounts, and responded with some amount of data to 80% of them. The Dobbs decision sparked concerns that such data could be used to prosecute people seeking abortions in states where it is banned – for instance, if they searched for or traveled to an abortion clinic.
Google responded to those concerns by saying it would delete entries for locations deemed “personal”, including “medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics”. The company did not indicate how long after a user visited a “personal” location it would delete the data.
“If our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit,” the company said in July, pledging to make the change “in the coming weeks”.
The tech advocacy group Accountable Tech conducted an experiment in August and October to test Google’s pledge. Using a brand new Android device, researchers with the group analyzed their Google activity timeline, where the company shows what information is logged about an account holder’s actions. This activity helps make Google’s services “more useful” to users, according to the company – for instance, by “helping you rediscover the things that you’ve searched for, read and watched”. However, any information collected by Google is potentially subject to law enforcement requests, including the data logged in “My Activity”.
The group found that searches for directions to abortion clinics on Google Maps, as well as the routes taken to visit two Planned Parenthood locations, were stored in their Google activity timeline for weeks after it occurred. At the time of this article’s publication, the information was still stored and available at myactivity.google.com.
The research, shared exclusively with the Guardian, raises questions about Google’s commitment to implementing its promised changes, the group contends. Furthermore, a Guardian analysis shows that additional data stored on Android phones can still create a detailed portrait of a user’s journey to seek an abortion, even if the location of abortion clinics visited are properly masked.
A Google spokesperson, Winnie King, said “protecting user privacy” was a top priority for the company and that the search giant had launched the promised changes to location history “earlier this year”.
“Separate from Location History, which saves the places visited, users can manage their searches and activity on Google sites and apps through the Web & App Activity setting, which includes Maps searches and directions,” King said. “Users can turn Web & App Activity off at any time, delete all or part of their data manually, or choose to automatically delete the data on a rolling basis.”
Testing Google’s location policy
As of Monday, abortion was banned in at least 12 states. Accountable Tech’s research was designed to mimic the steps someone seeking an abortion might take.
In one experiment, Giliann Karon, a researcher at the organization, traveled from Ohio to Pennsylvania and visited a Planned Parenthood on 18 August. At the time, Ohio prohibited abortions after six weeks of pregnancy. After arriving in Pennsylvania using Google Maps, Karon again used Google Maps to direct her to a Planned Parenthood clinic down the street. Karon accepted all the default privacy settings on the phone, which meant location tracking was off. While her location information was not stored, the searches for Planned Parenthood clinics she conducted while she was in Ohio, as well as the fact that she used Google Maps to find directions to the clinic, were logged. Months later, Karon’s searches for a Planned Parenthood, and the query for directions to the clinic, remain logged in her activity page.
In a second case, another researcher, Aditi Ramesh, turned on location tracking on a new Android device. She then traveled to two Planned Parenthood locations in Los Angeles in October. In both cases, screenshots show that while the exact address wasn’t stored in her Google timeline, the routes were retained and, in one case, the route included a pin at the exact location of the Planned Parenthood. On 22 November, the information was still stored in Ramesh’s activity timeline.
Google would not say exactly when it had implemented its policy of deleting locations after a user visited an abortion clinic. However, in the second experiment, King said, location history did not detect that Ramesh had visited a Planned Parenthood. If it had, she said, it would have deleted the visit. It instead detected that she visited businesses around the clinic, according to King. Screenshots show, however, that when Ramesh visited the second clinic, Planned Parenthood was among the locations suggested to her regarding where she might be.
Other experts are not surprised by the findings.
“Despite the promises of well-intentioned technologists, it is entirely unsurprising that new experiments are showing that sensitive information connected to abortion is being collected and retained by the advertising giant,” wrote Jackie Singh, the director of technology and operations at the Surveillance Technology Oversight Project (Stop), in messages to the Guardian.
Other privacy advocates testing Google’s location tracking system also found similar results. Tom Kemp, a Silicon Valley-based entrepreneur and investor, performed a comparable experiment in August. Kemp searched phrases such as “I need an abortion”, then searched for Planned Parenthood clinics near him and drove to a location using Google Maps for directions. A review of Kemp’s activity shows that more than three months later, the search queries as well as the fact that he was directed to the clinic remain stored in his timeline.
“They’re operating under the mindset of: ‘We need to collect as much information as possible to facilitate advertising,’” Kemp said. “But they have a business model that can be perverted by foreign actors and other people that want to weaponize that behavioral information.”
Abortion-related search histories
Location data is not the only activity Google stores that could be used against someone seeking an abortion.
In order to help the Guardian test what other information is being retained, Kemp also conducted searches such as “get an abortion near me”. On 22 November, he scheduled a calendar event entitled “Get an abortion”, with a location tag for the nearest clinic. He also searched for and downloaded a period-tracking app called Clue in the Google Play store.
All of this was stored in his activity timeline in considerable detail. A Guardian review of his activity shows that, at 10.12am on 22 November, he received a notification from Google Assistant telling him:“Time to leave for Get an abortion.” It also shows he “visited Clue Period & Cycle Tracker” on the Google Play store, searched for “abortion pill” at 10.03am and searched for “get an abortion near me” a minute later.
As of November, searches for “abortion” from his August experiment also remained stored in his activity timeline.
Taken together, the information paints a fairly detailed picture of whether and how someone sought an abortion.
Beyond its pledge to delete location data,Google has said little about how it would protect users in the wake of Dobbs. Instead, the company has reiterated its commitment to limiting how data is shared and collected by other companies and app developers. The company also said it made it easy for users to delete data from Google-owned Fitbit products and Google Fit.
“The truth is we cannot expect an advertising giant like Google, who has become powerful by monetizing the collection of our data, to neatly tailor its many complex systems to avoid surveilling particular populations of people, such as those seeking information about abortion,” wrote Singh, who formerly served as a cybersecurity staffer on the Joe Biden campaign. “Unfortunately, the nature of surveillance and the complexities of the data broker ecosystem form a broad harm which we can only solve with legislation.”
While many tech companies have made commitments to mask, delete or stop collecting abortion and health-related data, experts say the very business model of collecting private data for profit should be questioned.
“The best way to protect people who are seeking abortions is to stop collecting the data entirely,” concluded Ramesh.