In a complaint filed today, the Electronic Privacy Information Center (EPIC) and Accountable Tech called on the Federal Trade Commission to investigate tech giant Google for failing to promptly delete location records of users’ visits to abortion clinics and other sensitive facilities despite publicly promising it would do so.
Google retains and processes vast troves of personal information collected through its many applications, programs, and partners. This includes massive amounts of location data, which can reveal sensitive details about a person—including health information like whether and when a person visited a doctor’s office, an addiction treatment center, or an abortion clinic. When this information is retained by companies like Google, it can be accessed by law enforcement and can be used to profile individuals in harmful ways.
In July 2022, following the U.S. Supreme Court’s rescindment of the constitutional right to abortion in Dobbs v. Jackson Women’s Health Organization, Google announced a major policy change to its handling of location data. Google stated that if “its systems identified that a user had visited” an abortion clinic, it would “delete these entries from Location History soon after they visit.” Google’s commitment also extended to location records identifying a user’s visits to addiction treatment centers, domestic violence shelters, and other similarly sensitive facilities.
But Google broke that promise. Months later, research by Accountable Tech and others showed that Google had failed to delete the location information it had promised to. For example, Google’s systems retained search queries and directions to Planned Parenthood clinics and granular map data placing users at Planned Parenthood locations they had visited for more than a month. And the problem continues to this day: a follow-up experiment from Accountable Tech found that while Google had scrubbed “Planned Parenthood” from a user’s Location History map, it retained the route to the clinic itself in four out of eight of its tests. Although Google recently promised—again—to extend enhanced protections to users’ location data, it has yet to follow through on the deletion promise it made more than a year ago, leaving users vulnerable to privacy harms.
“Google’s personal location data practices have caused or are likely to cause substantial injury to its users because they expose users to excessive retention of their ‘particularly personal’ information that can reveal highly sensitive information about them, including whether an individual visited a medical treatment facility, domestic violence shelter, abortion clinic, fertility center, addiction treatment facility, or a surgery clinic.,” EPIC and Accountable Tech’s complaint explains. “The ability of law enforcement to access such data can lead to criminal prosecution and unduly discourage individuals from seeking vital health care services—a risk of substantial injury that has dramatically increased following the Dobbs ruling.”
The complaint calls on the FTC to investigate Google for unfair and deceptive practices in violation of Section 5 of the FTC Act and for violating the 2011 FTC Consent Order arising from Google’s previous mishandling of personal data in the rollout of the…