Connecticut Attorney General William Tong and several of his counterparts are calling on Apple to better protect consumers’ reproductive health information on apps available through its App Store, following the U.S. Supreme Court’s overturn in June of Roe v. Wade.
In a letter sent Monday to Apple Chief Executive Officer Tim Cook, Tong and other attorneys general asserted that Apple need to enact stronger measures to protect private reproductive health data collected from users of apps hosted on the App Store because they said that information “can be weaponized against consumers by law enforcement, private entities or individuals.”
“From basic health and wellness apps, to period tracking, fertility and pregnancy tracking apps, we have enabled our phones to collect, retain — and sometimes share — our most personal and private reproductive health information,” Tong, a Democrat who was re-elected on Nov. 8 for a second term, said in a statement. “Apple says it has strong privacy and security measures for its devices, yet those protections do not extend to the apps they host on their store. Apple can and must do better to demand robust privacy protections and to ensure private reproductive health information is not used to criminalize and harass those seeking and providing abortion care.”
In addition to Tong, the attorneys general of New Jersey, California, Oregon, Massachusetts, Washington, North Carolina, Illinois, Vermont, and Washington, D.C., also signed the letter.
In response to an inquiry from Hearst Connecticut Media, a spokesperson for Apple declined to comment specifically on the attorneys general’s letter.
The spokesperson provided, however, an overview of privacy protections for Apple’s Health app, including a link to the company’s policy on sharing Health app data with third-party apps. Users can determine what, if any, Health app data to share with third-party apps.
“Apps must request the ability to read data from or write data to your Health app,” the policy states. “All third-party apps must explain why they are requesting access to your Health app data. Each app is also required to have a privacy policy that describes its use of health data, so you should review these policies before providing apps with access to your health data.”
But the attorneys general are looking for Apple to implement additional safeguards. Citing what they argued is the risk that location history, search history and related health data poses to individuals seeking or providing abortions or other reproductive health care, the attorneys general want Apple to require app developers to either certify to Apple or “affirmatively represent” in their privacy policies that they will take the following security measures:
• Delete data not essential for the use of the application — including location history, search history and any other related data of consumers who might be seeking, receiving or helping to provide reproductive health care
• Provide “clear and conspicuous notices” about the potential for App Store applications to disclose user data related to reproductive health care and require that applications do so only when required by a valid subpoena, search warrant or court order
• Require App Store applications that collect consumers’ reproductive health data or that sync with user health data stored on Apple devices to implement at least the same privacy and security standards as Apple’s related to that data
“These actions will safeguard reproductive health information from being wrongfully exploited by those who would use it to harm patients or providers,” the attorneys general said in the letter. “Failure to certify compliance with these measures should constitute grounds for removal from the App Store.”
They added, “Consumers cannot trust Apple’s privacy promises if applications on the App Store are not required to take active measures to protect this sensitive health data. Provision of an app or service should not come at the cost of consumers losing control of their health data. To that end, Apple should pursue these measures to protect consumers’ reproductive health privacy. These steps will ensure that Apple stays true to its commitment ‘to provide a safe experience for users.’”
The attorneys general concluded the letter by acknowledging Apple’s “commitment to privacy and security across its products,” as seen in its use of encryption to protect users’ health data, as well as its “transparency” on law-enforcement requests for user data.
“But that alone is insufficient if third-party apps on the App Store fail to respect and adhere to Apple’s privacy ethos,” the attorneys general said, in closing. “The millions of consumers who use Apple’s App Store to obtain health and reproductive services rely on Apple’s assurances of privacy. We urge Apple to honor its commitment to protecting consumer privacy by requiring the apps hosted on its platform to do the same.”
Holding tech giants accountable for their data-privacy practices has been a key objective for Tong in his first term. Last week, he announced that Connecticut would receive more than $6.5 million as part of a $391.5 million multistate settlement with Google over its location-tracking practices related to Google Account settings.
pschott@stamfordadvocate.com; twitter: @paulschott
