Senator Amy Klobucha | Amy Klobucha Official Website
Senator Amy Klobucha | Amy Klobucha Official Website
Earlier this year, Klobuchar, Warren, and Hirono introduced legislation to expand protections for Americans’ personal health and location data privacy
WASHINGTON - U.S. Senators Amy Klobuchar (D-MN), Elizabeth Warren (D-MA), Mazie Hirono (D-HI), Peter Welch (D-VT), Ron Wyden (D-OR), Edward Markey (D-MA), Richard Blumenthal (D-CT), Dick Durbin (D-IL), Bernie Sanders (I-VT), and Patty Murray (D-WA) called on Google for answers after recent reporting revealed that the company is not consistently upholding its commitment to delete sensitive location data, leaving data about revealing personal health care decisions at risk and potentially allowing the data to be used to advertise services that may be harmful.
“Last July, Google rightly noted that location data can be very personal and announced that it would delete entries of sensitive locations from the Location History feature ‘in the coming weeks.’ The locations included in the announcement included counseling centers, domestic violence shelters, abortion clinics, fertility centers, and addiction treatment facilities,” the Senators wrote to Google CEO Sundar Pichai. “Now, over 10 months after this announcement, reporters for the Washington Post visited hospitals, fertility clinics, and Planned Parenthood clinics in multiple states and found instances where Google stored the exact name and address of the location visited (e.g. ‘Planned Parenthood – San Francisco Health Center’)."
“Another report found that Google failed to delete sensitive location data in nearly 60 percent of test cases over the last several months,” the Senators continued. “Claiming and publicly announcing that Google will delete sensitive location data, without consistently doing so, could be considered a deceptive practice.”
As Chairwoman of the Senate Judiciary Subcommittee on Competition Policy, Antitrust, and Consumer Rights, Klobuchar has long led efforts to protect consumers’ privacy, especially regarding sensitive health data.
In March, Klobuchar, Warren, and Hirono introduced the Upholding Protections for Health and Online Location Data (UPHOLD) Privacy Act to prevent companies from using personally identifiable health data for advertising purposes. The bill would also allow consumers greater access to and ownership over their personal health information, restrict companies’ ability to collect or use information about personal health without user consent, and ban data brokers from buying and selling location data.
In February, Klobuchar and Senators Susan Collins (R-ME), Maria Cantwell (D-WA), and Cynthia Lummis (R-WY) called on three telehealth companies to protect their patients’ sensitive health data, expressing their concern over reports that these online health companies are tracking and sharing their customers’ personally identifiable health data with social media platforms for advertising purposes.
In May 2022, Klobuchar and Senator Tammy Baldwin (D-WI) urged the Federal Trade Commission (FTC) to protect the data privacy of women seeking reproductive health care.
Full text of the letter is available HERE and below:
Dear Mr. Pichai,
We write to express our concern that Google is not upholding its commitment to delete sensitive location data, particularly when it can reveal private health care decisions. This data is extremely personal and includes information about reproductive health care. We are also concerned that it can be used to target advertisements for services that may be unnecessary or potentially harmful physically, psychologically, or emotionally.
Last July, Google rightly noted that location data can be very personal, and announced that it would delete entries of sensitive locations from the Location History feature “in the coming weeks.” The locations included in the announcement included counseling centers, domestic violence shelters, abortion clinics, fertility centers, and addiction treatment facilities.
Now, over 10 months after this announcement, reporters for the Washington Post visited hospitals, fertility clinics, and Planned Parenthood clinics in multiple states and found instances where Google stored the exact name and address of the location visited (e.g. “Planned Parenthood – San Francisco Health Center”). In other cases, the location was shown as a nearby establishment or the general neighborhood, and sometimes the data was indeed deleted within 24 hours. Another report found that Google failed to delete sensitive location data in nearly 60 percent of test cases over the last several months. Claiming and publicly announcing that Google will delete sensitive location data, without consistently doing so, could be considered a deceptive practice.
We ask that you respond to the questions below by May 26, 2023:
- How do Google systems identify whether someone has visited a sensitive location? Please provide a complete list of metadata used to make this identification, and any supporting documents.
- Please provide a complete list of the types of locations Google considers to be sensitive, and thus eligible to be automatically deleted.
- A spokesperson for Google has stated that Google deletes entries for sensitive locations “soon after” a visit. For how long after a user visits a sensitive location does Google store an entry for the visit? When does Google delete the entry?
- Does Google allow advertisers to target ads based on sensitive location data that can reveal a user’s health information?
- Will you commit to consistently deleting sensitive location data that pertains to any type of reproductive care, mental health care, and addiction treatment within 24 hours of a user’s visit, on both the user’s device and Google servers? Will you agree to a third-party audit to verify that such a protocol has been successfully implemented?