Editor’s notice: This text has been up to date with a remark from Apple.
Ten state attorneys basic are urging Apple so as to add new protections for reproductive well being knowledge contained in third-party apps hosted on the App Retailer.
In a letter despatched to CEO Tim Prepare dinner, attorneys basic of California, Connecticut, the District of Columbia, Massachusetts, North Carolina, New Jersey, Oregon, Vermont and Washington mentioned lax guidelines for safeguarding reproductive well being knowledge may hurt sufferers or suppliers within the wake of the Supreme Courtroom determination that overturned Roe v. Wade.
The group mentioned location historical past, search historical past and adjoining well being knowledge — data associated to previous, current or future reproductive well being of the person — may pose a threat to individuals on the lookout for or offering abortions, contraception or different reproductive care.
The attorneys basic argue Apple ought to require app builders to delete location, search and well being knowledge that is not required for the app to operate. Apps must also present clear notices that element how their knowledge is getting used, retained and shared in addition to solely present that knowledge to 3rd events with a subpoena, search warrant or court docket order.
The letter notes that Apple ceaselessly touts excessive requirements relating to knowledge safety and privateness, and it ought to maintain third-party apps to its personal guidelines.
“At minimal, Apple ought to require apps on the App Retailer to fulfill sure threshold safety necessities, corresponding to encryption of biometric and different delicate well being knowledge saved on functions, use of end-to-end encryption when transmitting mentioned knowledge and compliance with Apple’s person opt-out controls,” the attorneys basic wrote. “To make sure long-term compliance, Apple ought to conduct periodic audits and take away or refuse to checklist third-party apps in violation of those requirements.”
When requested for remark, Apple famous well being and health knowledge saved in its Well being app is encrypted when the cellphone is locked with a passcode, Contact ID or Face ID. Apple itself additionally will not be capable to learn well being and exercise knowledge when utilizing an up to date model of watchOS or iOS with the default two-factor authentication and a passcode.
Customers can share Well being knowledge with third-party apps, and Apple requires these apps to ask for permission, clarify why it is requesting entry and have a coverage that discusses how the info can be used. Customers may management the Well being app data that may be shared, for instance permitting a third-party app to learn step rely however not blood glucose knowledge.
THE LARGER TREND
After the Dobbs determination got here down over the summer season, some safety consultants raised considerations knowledge collected in reproductive well being and interval monitoring apps might be used as proof in states the place abortion is now restricted. Others notice there is a number of digital data that might be dangerous, like textual content messages or search historical past.
The letter from state attorneys basic famous a current report from the Mozilla Basis that discovered quite a lot of interval monitoring, being pregnant, and well being and health apps have poor requirements for knowledge privateness. Different analysis has discovered many ladies’s well being apps share knowledge with third events or do not clearly show privateness insurance policies.
ON THE RECORD
“Defending reproductive privateness within the wake of the Dobbs determination is paramount. Regardless of selling privateness as certainly one of its ‘core values’ Apple merely has not executed sufficient to make sure that non-public reproductive well being knowledge collected and saved by apps won’t be used to trace, harass or criminalize these searching for to train their reproductive freedoms,” New Jersey Legal professional Basic Matthew J. Platkin mentioned in a press release.
