State AGs urge Apple to better protect reproductive health data

He invites ten chief state attorneys Apple will add new protections for reproductive health data contained in third-party apps found on the App Store.

IN In a letter to CEO Tim Cook, the attorneys general of California, Connecticut, the District of Columbia, Massachusetts, North Carolina, New Jersey, Oregon, Vermont and Washington said lax rules to protect reproductive health data could harm patients or providers after the rulings of the Supreme Court that overturned Roe v. Wade.

The group said location history, search history and adjacent health data — information related to a user’s past, present or future reproductive health — could pose a risk to people seeking or providing abortion, birth control or other reproductive care.

Attorneys general argue that Apple should require app developers to delete location, search and health data that isn’t necessary for the app to function. Apps should also provide clear notices detailing how their data is used, retained, and shared, and only release that data to third parties with a subpoena, search warrant, or court order.

The letter states that Apple often boasts high standards for data security and privacy, and third-party apps should adhere to their own rules.

“At a minimum, Apple should require apps in the App Store to meet certain threshold security requirements, such as encrypting biometric and other sensitive health data stored in apps, using end-to-end encryption when transmitting said data, and complying with Apple’s user opt-out control requirements,” the state attorneys general wrote. “To ensure long-term compliance, Apple should conduct periodic audits and remove or refuse to list third-party applications that violate these standards.”

Apple did not immediately respond to a request for comment.

A BIGGER TREND

After the decision in the Dobbs case came down over the summer, some security experts has raised concerns that data collected on reproductive health and period tracking apps could be used as evidence in states where abortion is now illegal. Others note that there is a range of digital information that could be at risk, such as text messages or search history.

In the letter of the Attorney General’s Office, it was stated a a recent Mozilla Foundation report found that a number of period tracking, pregnancy, and health and fitness apps have poor data privacy standards. Other research has found that many women’s health apps share data with third parties or don’t clearly display privacy policies.

ON THE MINUTES

“Protecting reproductive privacy in the wake of the Dobbs decision is paramount. Despite promoting privacy as one of its ‘core values,’ Apple simply has not done enough to ensure that private reproductive health data collected and stored by apps is not used to track, harass, or criminalize those who wish to exercise their reproductive freedoms,” New Jersey Attorney General Matthew J. Platkin said in a statement.