Data brokers amass profiles of pregnant women – and, of course, it's all up for sale
'One common trait is that they have zero regard for the privacy of the individual'
Nearly three billion profiles and other pieces of data belonging to "actively pregnant" women or those "shopping for maternity products" worldwide are up for sale by US data brokers.
This, according to an investigation, which uncovered 32 different brokers selling access to mobile IDs of individuals, who, according to their broker-built profiles, appear to be pregnant or buying stuff as if they were. That is to say, automatically-assigned identifiers of individuals are sold so that they can be targeted with specific adverts. You could, for example, buy a load of IDs that meet a set of requirements, and then ensure ad networks display your ads to those devices.
The data is usually "anonymized," though with enough data, people can be deanonymized through their whereabouts, background, and habits. Even if you avoid having, say, a Facebook or Twitter profile, the internet's data brokers can still form a profile of you from your online activities by following you around using the assigned ID.
In addition to the aforementioned 2.9 billion profiles, Gizmodo reports that there's another 478 million profiles for sale belonging to customers "interested in pregnancy" or "intending to become pregnant." It's worth noting that these datasets overlap, and Gizmodo admits that the specific number of how many different individuals' data is up for sale is unclear.
In light of the US Supreme Court's decision to overturn Roe v. Wade, in states where abortion is now illegal this data could put women at risk of prosecution — either from law enforcement or private-citizen vigilantes looking to collect bounties on women seeking to terminate their pregnancies.
There are some 1,200 data brokers in the US, according to digital privacy startup Hush co-founder and President Lynn Raynault. "The number one common data broker trait is that they have zero regard for the privacy of the individuals they collect data on and most often have no regard for who purchases that information," she told The Register.
"In a post Roe v. Wade world, this information can be used against people seeking abortions as well as those providing abortions," Raynault added. "Data brokers look for any angle to make money based on the data they possess. If they decide to combine their knowledge of a person's home and family members with health care data, they can easily connect the dots on identifying individuals seeking abortions."
This poses a number of threats of varying degrees, she continued. On a basic level, this could lead to doxxing women seeking abortions — revealing their home address and contact information.
"In essence, the folks who once picketed outside Planned Parenthood could instead go directly to a person's home, either the abortion seeker or provider," Raynault said.
However, selling access to a profile's location, health care, and purchase data could have more serious consequences in states like Texas, which now has a law on the books that allows any citizen who successfully sues an abortion provider, a health center worker, or anyone who helps someone access an abortion after six weeks to claim a bounty of at least $10,000.
"In places like Texas that have on record an abortion vigilante law, you could easily imagine this empowering mob rule," Raynault said.
- Need baby formula? Buy a pregnancy test at Walgreens
- SCOTUS judges 'doxxed' after overturning Roe v Wade
- FTC suddenly gets very stern about not-really-anonymized anonymized data
- Big Tech silent on data privacy in post-Roe America
The study also published a list of all 32 companies, and, for 19 of them, their data sources. Sources include self-reported surveys, geolocations, mobile app downloads, public records, social media data, purchases, and the companies' own internal data analysis.
One company, AlikeAudience, which is apparently selling access to about 61 million iOS users at a "pregnancy and maternity life stage," claims to collect "data from various sources such as users' mobile app downloads & usage, geolocations, public records such as POI and self-declared information."
The report suggests the broker determines whether a user is at a pregnancy life stage via AlikeAudience's relationship with Mastercard, for example: if someone buys maternity clothes using this credit card.
Another company, Quotient, claims to sell data from 9.6 million iPhone and Android device users who reportedly bought pregnancy tests and/or "female contraceptives." This firm was formerly known as Coupons.com, and it has direct access to data about what types of products, contraceptive and otherwise, customers are downloading coupons for and presumably buying.
Quotient also has an exclusive advertising partnership with Giant Eagle that gives it access to the pharmacy chain's point-of-sale purchase data, app usage and web data.
In response to Roe being overthrown, a string of new bills introduced by Democratic lawmakers would make it illegal for data brokers to sell sensitive location and health information about medical treatment and personal information that fertility apps track, such as when someone ovulates or has sex.
Additionally, the Federal Trade Commission has warned companies it will take legal action against businesses selling this type of personal data with insufficient privacy safeguards. ®
- Advanced persistent threat
- Black Hat
- Bug Bounty
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Remote Access Trojan
- RSA Conference
- Trusted Platform Module
- Zero trust