Facebook Default 01

Attorney General Tong urges Apple to protect consumers’ reproductive health information

Press releases

Attorney General William Tong

23/11/2022

Attorney General Tong Urges Apple to Protect Consumer Reproductive Health Information Through Apple App Store in Wake of US Supreme Court Dobbs Decision

Letter to Apple CEO highlights security gaps that pose risks to privacy and safety of app users

(Hartford, CT) — Attorney General William Tong has joined a coalition of ten attorneys general urging Apple to protect consumers’ private reproductive health information about apps available through its App Store following the US Supreme Court s Dobbs decision that Roe v. Wade overthrew.

In a letter sent to Apple CEO Tim Cook this week, Attorney General Tong joined the coalition in calling for privacy-enhancing measures to protect the private reproductive health data collected from users of apps hosted on Apple’s App Store be protected to prevent individuals seeking or providing abortion care from possible actions and harassment by law enforcement, private entities or individuals.

“From basic health and wellness apps, to period, fertility and pregnancy tracking apps, we’ve enabled our phones to collect, retain – and sometimes share – our most personal and private reproductive health information. Apple says it has strong privacy and security measures in place for its devices, but these protections don’t extend to the apps they offer in their store. Apple can and must do better to demand robust privacy protections and to ensure that private reproductive health information is not used to criminalize and harass those who seek and provide abortion care.” said Attorney General Tong.

While Apple has adopted privacy and security measures consistent with its stated goals of protecting consumer privacy, the Attorney General notes that apps offered in Apple’s App Store often do not meet the same standards and protections for this sensitive data . This gap in Apple’s protections threatens the privacy and security of App Store consumers, and is in direct conflict with Apple’s public commitment to protect user data, according to the letter.

Given the demonstrated risk that location history, search history, and adjacent health data pose to individuals seeking or providing abortions or other reproductive health care, the coalition urges Apple to require app developers to either certify to Apple or affirmatively state in their privacy policies that they will take the following security measures:

Delete data that is not essential to the use of the Application, including location history, search history and any other related data of consumers who may be seeking, accessing or helping to provide reproductive health care;

Provide clear and conspicuous notices regarding the potential for App Store apps to disclose user data related to reproductive health care, and require apps to do so only when required by a valid subpoena, search warrant, or court order; and

Require App Store apps that collect consumer reproductive health data or that sync with user health data stored on Apple devices to implement at least the same privacy and security standards as Apple with respect to that data.
The proposed measures would prevent reproductive health information from being misused by those who would use it to harm pregnant women or providers and are consistent with Apple’s purported promises of privacy protection on the App Store, the letter explains.
Today’s letter sets out several reasons why it is necessary for Apple to pursue each of these data protection measures in the wake of the Dobbs decision.

The letter explains that deleting data related to reproductive health care is the first line of defense to protect consumers who, often unknowingly, leave behind digital traces of their actions in obtaining or providing reproductive health care. At the same time, the letter highlights that what data apps do retain and share is often obscured by vague and unclear privacy policies — making it impossible for consumers to make informed decisions about who to trust with their sensitive reproductive health data. This makes it critical for Apple to ensure that apps provide clear and conspicuous notices about third-party access to reproductive health data, the letter explains.

Finally, the letter makes clear that it is not enough for Apple to protect the reproductive health data it collects and stores. Apple’s purported commitment to privacy and consumer protection requires the company to demand the same vigilance on the part of third-party apps that sync with Apple Health, as well as apps that collect reproductive health data from consumers.

Specifically, the letter urges Apple to implement a clear process to audit third-party apps’ compliance with Apple’s privacy and security standards. At a minimum, Apple should require apps on the App Store to meet certain threshold security requirements, such as encryption of biometric and other sensitive health data stored on apps, use of end-to-end encryption when said data is transmitted, and compliance to Apple’s user opt-out controls. Compliance with these measures must be represented in the privacy policies of App Store applications. In the long term, Apple should conduct periodic audits and remove or refuse to list third-party applications that violate these standards.

In signing the letter, Attorney General Tong joins the attorneys general of New Jersey, California, Oregon, Massachusetts, Washington, North Carolina, Illinois, Vermont and Washington, DC

A copy of the letter is available here.

Twitter: @AGWilliamTong

Facebook: CT Attorney General


Media contact:

Elizabeth Benton
elizabeth.benton@ct.gov

Consumer Inquiries:

860-808-5318
attorney.general@ct.gov

Related Posts