For Immediate Release:
Monday, November 21, 2022
Contact: Nazneen Ahmed
(RALEIGH) Attorney General Josh Stein today expressed concern to Apple CEO Tim Cook about the privacy of users’ reproductive health information following the U.S. Supreme Court’s Dobbs decision and asked Apple to take commonsense steps to protect private reproductive health information.
“Apple has elevated its commitment to keeping its customers’ data confidential and secure – but it can do more,” said Attorney General Josh Stein. “Apple has a responsibility to make sure that third-party apps on its App Store also protect people’s data, especially when it comes to sensitive, private information about medical care that can have serious, real-life repercussions for North Carolinians. I hope Apple takes seriously these privacy concerns and works to address them.”
Attorney General Stein called for Apple to implement privacy-enhancing measures to protect users’ private reproductive health data collected from apps hosted on Apple’s App Store. These measures are necessary to prevent people who seek or provide abortion care from potential action and harassment by law enforcement, private entities, or other people. While Apple has adopted a number of privacy and security measures consistent with its stated goals of protecting consumers’ privacy, apps hosted on its App Store frequently fail to meet these same standards or to implement appropriate protections for this sensitive data. This gap in Apple’s protections threatens the privacy and safety of App Store users.
Location history, search history, and adjacent health data pose serious risks to people seeking or providing abortions or other reproductive health care. People often unknowingly leave digital trails of their actions to obtain or provide reproductive health care. And concerningly, apps often obscure what data they retain and share through vague and unclear privacy policies—making it impossible for people to make informed decisions about who to trust with their sensitive reproductive health data.
The attorneys general are asking Apple to require app developers to either certify to Apple or affirmatively represent in their privacy policies that they will take the following security measures:
- Delete data not essential for the use of the application, including location history, search history, and any other related data of consumers who may be seeking, accessing, or helping to provide reproductive health care.
- Provide clear and conspicuous notices regarding the potential for App Store applications to disclose user data related to reproductive health care, and require that applications do so only when required by a valid subpoena, search warrant, or court order; and
- Require App Store applications that collect consumers’ reproductive health data or that sync with user health data stored on Apple devices to implement at least the same privacy and security standards as Apple with regards to that data.
The proposed measures would safeguard reproductive health information from being wrongfully exploited by those who would use it to harm pregnant women or providers and are consistent with Apple’s professed promises of privacy protection on the App Store. These measures would also ensure that App Store apps comply with Apple’s privacy and security standards and meet certain threshold security requirements
Attorney General Stein is joined in sending this letter by the Attorneys General of California, Oregon, Massachusetts, Washington, New jersey, Connecticut, Illinois, Vermont, and the District of Columbia.
A copy of the letter is available here.