INRIX, a company that provides location-based data analytics, has been collecting, analyzing, and selling aggregated vehicle, traffic, and parking data for over 17 years. Now, after the Roe v. Wade decision, INRIX is under scrutiny for its data collection tactics and the ability to view data related to Planned Parenthood clinics. In a brochure for its “Vehicle Trips” product, INRIX details the fact that it “captures over 150 million anonymous trips” and 36 billion “real-time data points” each day, with updates as frequent as every three seconds.

By using only the free trial version of the INRIX IQ Location Analytics platform, a user can locate at least 71 Planned Parenthood clinics in numerous states. The free version of this platform only lists the address, hours, and average annual daily traffic counts on nearby streets for each clinic, but the paid version shows more detailed statistics for sample points of interests in its database, including demographic and ethnic breakdowns of visitors, visitor counts by hour and day, aggregated heat maps of the origins and destinations for visitors, and drive times to and from the business location.

While this type of data collection, and availability and accessibility may seem problematic in the current legal landscape related to reproductive rights, INRIX has publicly stated that it only receives anonymized data and de-identifies it further as necessary, before aggregating those data for use in its products. According to INRIX, individual identities are not relevant to its business – the location analytics only display results based on the census block group level and the data are sourced from map providers, which are commercially available.

Other location-based data analytics companies, such as Safegraph and Placer. AI, also had Planned Parenthood visitor data in their products, but those data have been removed. Even some Internet search engines have pledged to delete visitor location data when a user visits an abortion provider, fertility center, or other sensitive reproductive health location. 

The problem with this data collection and sharing, although inclusive only of location-based data, comes when the individuals seeking an abortion face increased risks to their privacy, and potentially, their own safety and wellbeing. Before the recent overturning of Roe v. Wade, pro-life activists have used software and services like geofencing from the location data industry to dissuade abortion-seeking patients with targeted advertisements. With the procedure criminalized in nine states, the effects could be even more impactful.

As a result of this data collection and use, lawmakers have sent letters to these location data companies to gather details about their data collection and requesting that they stop including abortion clinics in their platforms and reports.

While most of the data on the free version of the INRIX dashboard are aggregated, risks still remain. Most companies in the location data industry boast that individual privacy is protected due to the fact that they only sell aggregated data (e.g., the number of people visiting a particular business during a specific week). However, even aggregated data might carry risks for individual privacy because individuals could still be identified in some circumstances. If location data show that a particular user frequents one central location (e.g., home or work) while also visiting a Planned Parenthood clinic, it may be easier than you’d think to determine the identity of that individual.

For more on this investigation conducted by The Markup click here.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.