Apple “needs to do better” on reproductive health data, says AG

Connecticut Attorney General William Tong and several of his colleagues are calling on Apple to better protect consumers’ reproductive health information in apps available through its App Store after the US Supreme Court ruled Roe v. Wade had picked up.

In a letter sent Monday to Apple’s Chief Executive Officer Tim Cook, Tong and other attorneys general claimed that Apple needs to take stricter measures to protect private reproductive health data collected from app users , which are hosted on the App Store because they said information “can be taken by law enforcement agencies, private entities, or individuals to be armed against consumers.”

“From simple health and wellness apps to period, fertility, and pregnancy tracking apps, we’ve made it possible for our phones to collect, store — and sometimes share — our most personal and private reproductive health information,” said Tong, a Democrat who was re-elected to a second term on Nov. 8, said in a statement. “Apple says it has strong privacy and security safeguards for its devices, but those safeguards don’t extend to the apps they host on their store. Apple can and must do better in demanding robust privacy protections and ensuring private reproductive health information is not used to criminalize and harass those who seek and provide abortion.”

In addition to Tong, the Attorneys General of New Jersey, California, Oregon, Massachusetts, Washington, North Carolina, Illinois, Vermont and Washington, DC also signed the letter.

In response to a request from Hearst Connecticut Media, an Apple spokesperson declined to comment specifically on the attorney general’s letter.

However, the speaker did provide an overview of privacy for Apple’s Health app, including a link to the company’s policies on sharing Health app data with third-party apps. Users can choose which Health app data they want to share with third-party apps, if any.

“Apps must request the ability to read or write data from your Health app,” the policy states. “All third-party apps must explain why they’re requesting access to your Health app data. Each app must also have a privacy policy that describes its use of health data, so you should review those policies before allowing apps to access your health data.”

But attorneys general expect Apple to implement additional safeguards. Citing what they argued, the risk that location history, search history, and related health data poses to people seeking or performing abortions or other reproductive health care is what Apple requires app developers to do either certify or “affirmatively represent” to Apple. their privacy policy that they will take the following security measures:

• Delete data that is not strictly necessary to use the application—including location history, search history, and any other related data of consumers seeking, receiving, or assisting in reproductive healthcare

• Provide “clear and prominent notices” about the potential of App Store apps to disclose user data related to reproductive health care, and require apps to do so only where required by a valid subpoena, search warrant, or court order is required

• Require App Store applications that collect consumer reproductive health data or that sync with user health data stored on Apple devices to implement at least the same privacy and security standards as Apple’s with respect to that data

“These measures will prevent reproductive health information from being misused by those who would use it to harm patients or providers,” the attorney general said in the letter. “Failure to certify compliance with these measures should constitute grounds for removal from the App Store.”

They added: “Consumers cannot trust Apple’s privacy promises if applications on the App Store are not required to take active steps to protect this sensitive health data.” Providing an app or service should not come at the expense of the consumer losing control of their health data. To that end, Apple should take these measures to protect consumer privacy in the field of reproductive health. These steps will ensure Apple stays true to its commitment to ‘provide users with a safe experience’.”

The attorneys general concluded the letter by acknowledging Apple’s “commitment to privacy and security in its products,” as seen in its use of encryption to protect users’ health data, as well as its “transparency” with law enforcement requests for user data.

“But that alone isn’t enough when third-party apps on the App Store don’t respect and adhere to Apple’s privacy ethos,” the attorneys general concluded. “The millions of consumers who use Apple’s App Store to obtain health and reproductive services rely on Apple’s privacy assurances. We urge Apple to honor its commitment to protecting consumer privacy by requiring apps hosted on its platform to do the same.”

Holding tech giants accountable for their privacy practices was a key goal of Tong’s first term. Last week, he announced Connecticut would receive more than $6.5 million as part of a $391.5 million settlement with Google over its location-tracking practices related to Google account settings.

[email protected]; Twitter: @paulschott