Low Risk: Users can edit or delete data, Some Risk: Users can edit data, High Risk: Users cannot edit or delete data
Third-Party Sharing (Ads and Marketing)
Research scientist and privacy expert Razieh Nokhbeh Zaeem calls personally identifiable information the “currency of the internet” because of the myriad ways individualized data is collected, bought, and sold across industries. While almost all websites work with third parties in some way, telehealth companies should not sell or share your information with advertisers—but many do, as evidenced by Betterhelp’s recent settlement with the Federal Trade Commission.
If a company is collecting sensitive information and using it to market products and services to you, that presents some risk. If a company shares this information with other companies to support their marketing efforts, it’s a major red flag. As the Markup rightly points out in its privacy policy guide, mentions of “personalization” and “improving services” in these documents usually equate to ad tracking.
According to its privacy policy, Hey Jane uses personal data (and PII) to market its own services (“inform you about products”), while Carafem, Wisp, and Choix reserve the right to pass along information to third-party marketing partners. Choix’s policy claims that it “will never sell your data for third-party marketing purpose[s]” in one section but reserves the right to disclose data to its affiliates for “marketing” purposes in another.
Rather than limiting or removing the third-party trackers installed on their sites, some providers recommend that users generally opt out of cookie-based advertising within their policies, a strategy that is far from foolproof.
Low Risk: PII is not used for marketing or advertising, Some Risk: PII is used for marketing/advertising, High Risk: PII shared with third parties for marketing/advertising
The Bottom Line
In a post-Roe America, virtual abortion clinics provide an essential service, especially for people living in states that criminalize care. Early indicators have shown that they increase access to safe and effective abortion medications, but they don’t offer as much privacy as users are led to believe. With the exception of Aid Access, all of the providers we analyzed have a long way to go when it comes to protecting users’ privacy and earning their trust.
To manage risk when approaching these services (and accessing other information about abortion in hostile states), educators at the Digital Defense Fund recommend reducing your footprint by using privacy-forward search engines like DuckDuckGo, creating temporary email accounts for abortion care, and turning off location tracking on all of your devices.
While engaging in defensive tactics like these are practically useful, legal scholars like Gilman suggest that the reproductive justice movement will advance only when federal and state governments no longer rely on an outdated “notice and consent” paradigm for data privacy. “We need meaningful consent in the reproductive health space,” says Gilman. “Privacy policies today are more like adhesion contracts—suggesting that users ‘take it or leave it.’ It’s not realistic or fair to tell people they can’t engage with technology if they want to protect their privacy.”
Gilman recommends advocating at the state level for better privacy standards, especially if your representatives are considering new legislation. She also encourages people to demand increased protections from private companies, many of which are more flush with the “currency of the internet” than they would have us believe.