Powerful and politically connected U.S.-based anti-abortion organizations are developing and promoting intrusive data collection software and marketing systems around the world. As more information is collected by and made available to anti-abortion organizations, ensuring the protection of people’s privacy is critical. Those who advocate for the strong protection of these rights—and those empowered to uphold and enforce them—must investigate and hold to account organizations that violate or curtail them.

In July, Privacy International—a non-governmental organization fighting for global privacy—reported on Heartbeat International, an anti-abortion organization that is especially interested in using data to further the goals of anti-abortion crisis pregnancy centers. Our reporting showed that one of Heartbeat’s subsidiaries, Next Level, has developed a data-intensive content management system that specifically allows the information collected by anti-choice centers to be combined.

The system that Next Level has developed appears to unify and centralize the information—including personal health data—obtained via intake form from those visiting crisis pregnancy centers that use this system. The information collected, visible in a promotional video on Next Level’s website, includes name, address, email address, ethnicity, marital status, living arrangement, education, income source, drug intake, medications and medical history, sexual transmitted disease history, name of the referring person/organization, pregnancy symptoms, pregnancy history, medical testing information, and eventually even ultrasound photos.

It is incredibly worrying that neither Next Level nor Heartbeat provides clarity about how this intimate information is being shared. Next Level’s privacy policy states that the company “may share such information with Next Level affiliates, partners, vendors, or contract organizations, or as legally necessary,” but provides no further information about how the information is shared or analyzed within Heartbeat’s network of 2,700 affiliate organizations and partners, or outside of this network. Those who visit a crisis pregnancy center—intentionally or not—are left unaware of how their personal information is being used and shared and what the risks and consequences of this might be.

People are likely to provide whatever information is asked of them during a visit without question—especially those desperate for medical help, those in areas with a limited number of abortion clinics, or those visiting a clinic where their first language is not spoken.

In addition to the content management system, Next Level has developed a phone app that allows visitors to anti-abortion centers to “set and change appointments, look at ultrasounds pictures” and also “click in or text her mentor, and talk to someone at Option Line very quickly.” Next Level promotes the app to centers by saying “send her home with an app that includes everything from her ultrasound image and baby’s heartbeat to her proof of pregnancy, and vitally connects her to your organization moving forward.” Although it is unclear what information the Next Level app has access to or how this information is being shared, phone apps in general are notorious for collecting data about users’ activity that most people would not expect. App permissions can reveal information about a user’s live location, give access to photos and contacts, tell social media websites what apps a person is using, and much more.

Another Heartbeat International subsidiary, Extend Web Services, developed Option Line, which is a website, chat service, and call line for deployment on anti-abortion websites. The chat service appears on many crisis pregnancy center websites including outside the United States. Before the chat begins, the Option Line chat interface requires visitors to enter their name, demographic information, location information, and whether they are considering an abortion. It is unclear where the information submitted prior to the chat, as well as the data generated during the chat, ends up, and who has access to it.

This information has the potential to include medical and health data, which is subject to heightened privacy laws in the United States and the European Union, as well as other countries around the world. Option Line’s terms of use state that “all remarks” sent through the website—other than information directly requested—can be used by Option Line “for any and all purposes” that it believes “to be appropriate to the mission and vision of Option Line.” This means that the information provided by someone in a chat, which could be deeply intimate, could be collected and used by the organization.

The contents of the chat could be valuable to Heartbeat and its affiliate anti-abortion organizations. For example, representatives from local anti-abortion clinics could be provided with details of someone who is “abortion-minded,” and try to reach them via other methods.

As we noted in July, Extend Web Services also provides “anti-abortion crisis pregnancy centres and other related organisations with websites, campaign optimisation tools, local search tools, and design services.” Heartbeat requires that Extend Web Services’ clients use Heartbeat-provided language on “5 medical pages.” These pages include: “Abortion Information/Education,” “Abortion Recovery,” “Sexual Health,” “Pregnancy,” and “Emergency Contraception.”

Heartbeat is not alone in its pursuit of accessing and centralizing personal information.

In 2016, Rewire.News revealed how an advertising company sold technology to geo-tag abortion clinics, allowing clients to send would-be patients targeted anti-abortion ads. Clients of the system included a network of crisis pregnancy centers called RealOptions.

In May, the Guardian reported that anti-abortion activists in the United States were funding a phone app being marketed as a tool for fertility tracking and family planning.

In June it was reported that European anti-abortion groups were sharing contact details of those seeking abortion information or procedures in Malta with other activists and that those seeking medical help had anti-abortion activists show up to their front door. These real-world consequences go to the heart of why opaque data centralization among crisis pregnancy centers is problematic.

Privacy harms have time-shifted consequences. While at one point in our lives we may feel comfortable providing certain information, the same information may in the future be used against us in ways we cannot expect or prepare for.

Centers should tell people how they will use and store private information, with whom they will share it, and for how long they will keep it. There must be legal limits on how much information people are required to provide and what is done with it. People should be asked for their explicit consent and be given the choice to limit what information is collected, shared, and stored.

Privacy and strong data protection laws are crucial, in many ways, to ensure people can exercise their reproductive rights. As a result of the failings of Facebook and others, the discussion around new safeguards is rising across the world, including in the United States, despite years of industry opposition. Such safeguards would compel greater transparency by these organizations and limit their capabilities to exploit data. Until those laws emerge, those working to ensure privacy and reproductive rights must continue to shine a light on the technologies being developed to target and track those seeking medical help online.