Dive Brief:
- A group of 10 state attorneys general is asking Apple to enact stronger privacy controls for third-party apps collecting reproductive health information, as concerns around the sensitive data mount following the demise of Roe v. Wade earlier this year.
- Apps holding the sensitive health data should be required to delete nonessential information and clearly inform consumers what information they share with parties such as law enforcement, the AGs said in a letter sent Monday to Apple CEO Tim Cook.
- The New Jersey-led coalition also urged Apple to conduct periodic audits and remove noncompliant third-party apps from its app store.
Dive Insight:
The Supreme Court’s decision in June overturned decades of precedent and threw the nation’s healthcare system into chaos. The ruling has resulted in a patchwork system of reproductive health access in the U.S., and concerns among pro-abortion rights activists and privacy advocates that states could use data from period tracking and other reproductive health apps against patients seeking abortion services.
The letter argues that apps tracking fertility or periods can be “weaponized” against their users if the data is combined with location data and search history. It cites the example of an Indiana woman who was convicted and sentenced in 2015 for ending her pregnancy based in part by her web history and texts.
Apple needs to do more to protect consumers who leave digital trails of their actions to obtain or provide abortions, the 10 state attorneys general wrote — especially since the tech giant says privacy is one of its core values on both the iOS platform and its app store.
Apple should require app developers to either certify to Apple or represent in their privacy policies that they will take a number of measures to protect consumers, the letter urges.
Those steps include deleting nonessential data, such as location or search history; stating whether they disclose user data related to reproductive healthcare; only disclosing data when required by a subpoena or search warrant; and implementing at least the same privacy and security standards as Apple does with regards to the data, like encryption of biometric and other sensitive health data and compliance with Apple’s user opt-out controls.
“Despite promoting privacy as one of its ‘core values’ Apple simply has not done enough to ensure that private reproductive health data collected and stored by apps will not be used to track, harass, or criminalize those seeking to exercise their reproductive freedoms,” New Jersey Attorney General Matthew Platkin said in a Monday statement.
Companies that manage reproductive health data, including smartphone apps that track fertility, periods and other health information, data brokers and large tech giants, have been shoring up security around health data since the Supreme Court’s decision. In September, period tracking giant Flo rolled out an anonymous mode, giving consumers the option to use the app without their name or identifying data.
Yet many apps don’t meet minimum security standards, such as the use of strong password requirements, according to Mozilla.
In July, the House Oversight Committee began investigating how the business practices of reproductive health apps and data brokers could potentially weaponize consumers’ private information, and the FTC pledged to crack down on medical and location data sharing, following an executive order from President Joe Biden.
One month later, the agency sued Idaho-based data broker Kochava for selling geolocation data that could be used to track consumers’ locations, including to and from sensitive areas like reproductive health clinics. A number of other brokers, including SafeGraph and Placer.ai, have committed to stop the practice, while Google has pledged to automatically delete location data showing whether consumers visited an abortion clinic.