Attorney General Tong Urges Apple to Protect Consumers’ Reproductive Health Information Through the Apple App Store Following U.S. Supreme Court’s Dobbs Ruling
Letter to Apple CEO Highlights Security Gaps That Pose Privacy and Security Risks to App Users
(Hartford, CT) – Attorney General William Tong has joined a coalition of ten attorneys general urging Apple to protect consumers’ private reproductive health information on apps available through its App Store following the Court’s Dobbs decision. Supreme Court of the United States quashing Roe v. Wade.
In a letter sent this week to Apple CEO Tim Cook, Attorney General Tong joined the coalition in calling for privacy safeguards to protect private reproductive health data collected from users. applications hosted on the Apple App Store to prevent people from seeking or providing abortion care. against any action and potential harassment by law enforcement, private entities or individuals.
“From basic health and wellness apps to period tracker, fertility and pregnancy apps, we’ve enabled our phones to collect, store and sometimes share our most personal and private reproductive health information. . Apple says it has strong privacy and security measures in place for its devices, but those protections don’t extend to the apps they host on their store. Apple can and must do better to demand strong privacy protections and to ensure that private reproductive health information is not used to criminalize and harass those who seek and provide abortion care,” said Attorney General Tong.
Although Apple has adopted privacy and security measures consistent with its stated goals of protecting consumer privacy, attorneys general note that apps hosted on Apple’s App Store often do not meet those same standards. and protections for this sensitive data. This gap in Apple’s protections threatens the privacy and security of App Store consumers, and goes directly against Apple’s publicly expressed commitment to protecting user data, according to the letter.
Given the demonstrated risk that location history, search history, and adjacent health data pose to individuals seeking or providing abortions or other reproductive health care, the coalition urges Apple to require developers to applications that they certify to Apple or affirmatively state in their privacy policies that they will take the following security measures:
• Delete data not essential to the use of the application, including location history, search history and any other related data of consumers who may seek, access or help provide health care. reproductive health;
• Provide clear and visible notices regarding the potential for App Store apps to disclose user data related to reproductive health care, and require apps to do so only when required by a valid subpoena, search warrant or court order; and
• Require App Store apps that collect consumers’ reproductive health data or sync with users’ health data stored on Apple devices to implement at least the same privacy and security standards as Apple regarding this data.
The proposed measures would protect reproductive health information from misuse by those who use it to harm pregnant women or providers and are consistent with Apple’s pledges to protect privacy on the App Store, the letter explains. .
Today’s letter details several reasons why it is necessary for Apple to pursue each of these data protection measures following the Dobbs decision.
The letter explains that the deletion of data related to reproductive health care is the first line of defense to protect consumers who, often unknowingly, leave digital traces of their actions to obtain or provide reproductive health care. At the same time, the letter points out that the data that apps store and share is often masked by vague and unclear privacy policies, preventing consumers from making informed decisions about who to trust with their sensitive data on reproductive health. It is therefore essential for Apple to ensure that applications provide clear and visible notices regarding third-party access to reproductive health data, explains the letter.
Finally, the letter makes it clear that it is not enough for Apple to protect the reproductive health data it collects and stores. Apple’s purported commitment to privacy and consumer protection requires the company to demand the same vigilance from third-party apps that sync with Apple Health, as well as apps that collect reproductive health data from consumers.
Specifically, the letter urges Apple to implement a clear process to verify third-party apps for compliance with Apple’s privacy and security standards. At a minimum, Apple should require App Store apps to meet certain minimum security requirements, such as encryption of biometrics and other sensitive health data stored on apps, use of end-to-end encryption when transmission of such data and compliance with Apple policy. user opt-out controls. Compliance with these measures must be represented in the privacy policies of App Store applications. In the long term, Apple should periodically audit and remove or refuse to list third-party apps that violate these standards.
In signing the letter, Attorney General Tong joins the attorneys general of New Jersey, California, Oregon, Massachusetts, Washington, North Carolina, Illinois, Vermont and Washington, D.C. .
A copy of the letter is available here.