Stronger measures are needed to ensure the privacy of data from smartphone apps that track menstrual periods, fertility and other reproductive health information so that it is not used by abortion opponents to target people seeking abortion services, 10 attorneys for Apple Inc. said. Monday.
Led by New Jersey Attorney General Matt Platkin, top law enforcement officers in nine states that protect abortion rights, along with the District of Columbia, wrote to Apple CEO Tim Cook.
The letter stated that “Apple has not done enough,” and demanded that the company take additional steps to ensure that third-party apps that use the Apple platform adhere to the same privacy standards as Apple. The letter said that people who download apps from the App Store expect the same privacy and security standards as Apple.
You say, “What happens on your iPhone stays on your iPhone.” Platkin tweeted on Monday.
Some commonly used apps that track reproductive health information are Flo, Ovia, and Bellabeat.
The Supreme Court’s June 24 decision to overturn Roe v. Wade gave states the power to restrict or protect abortion services. Currently, most abortions are banned in 13 states, while new restrictions are being challenged in others. Sixteen countries protect the right to abortion.
The letter to Apple was signed by attorneys general from California, Connecticut, Illinois, North Carolina, Oregon, Vermont, Washington and the District of Columbia, as well as New Jersey. It was also signed by Maura Healy, the current Attorney General and Governor-elect of Massachusetts.
more:More patients are coming to NJ to get abortions after Rowe is reversed. And this number could grow
more:New Jersey has created a “strike force” to protect abortion rights and personal health data
The letter said apps that track fertility or menstrual periods can be “weaponized” against people when combining the data with location information and a user’s search history to identify – and potentially prosecute – people seeking abortions, birth control or other reproductive health services. .
He cited the example of an Indiana woman who was convicted and sentenced in 2015 for terminating her pregnancy, based in part on her texts and web browsing history, as well as an email from a website that offered abortion-inducing drugs. The conviction was later overturned.
“Private purchasers of sensitive data can use this information to harass, intimidate, or deter individuals seeking or providing reproductive health care,” the letter states. In states that have restricted abortion since Dobbs v. Jackson and Women’s Health in the US Supreme Court. With the organization’s decision, prosecutors could use this data to file cases against people who buy abortion-inducing drugs online or who travel to another country to have an abortion.
Abortion is legal and protected in New Jersey. The letter did not mention any cases in New Jersey in which private data was misused.
President Joe Biden in July signed an executive order on protecting online data privacy, assigning responsibility to the Federal Trade Commission and the Department of Health and Human Services.
Many apps don’t meet minimum security standards, such as using encryption, automatic security updates, strong password requirements, and a clear and accessible privacy policy, according to a recent Mozilla survey. It said some apps lack even basic privacy policies, let alone policies dealing with the use of sensitive information.
A letter from the Attorney General asking Apple to require app developers to:
● Confirm to Apple that it will delete data that is not needed for the app, such as search history and location for period tracking apps.
● Post clear and visible privacy notices on their websites explaining the circumstances under which personal information will be shared with law enforcement or other parties. These are especially important for people who have little experience “understanding and navigating complex data collection and the sharing economy,” the letter said.
● Refuse to provide personal information to a third party unless a valid subpoena or court order is served.
● For apps that sync with user health data stored on Apple devices, implement the same privacy and security standards that Apple uses for the data. For example, encrypt data and restrict application access to certain information.
The letter also requests that Apple audit third-party apps so that they continue to comply with Apple’s standards.
An Apple spokeswoman highlighted the company’s privacy policy. “When your phone is locked with a passcode, Touch ID, or Face ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted,” according to the policy. Any health data synced to iCloud is encrypted in transit and on our servers.
“This means that when you use cycle tracking and two-factor authentication is enabled, your health data synced to iCloud is end-to-end encrypted and Apple does not have the key to decrypt the data and therefore cannot read it.”
The spokeswoman said users have “narrow control” over the information they share with health-related apps: “A user must give explicit permission to each app to read and write data to the HealthKit store. Users can grant or deny permission separately for each type of data “.