NJ Attorneys General Asks Apple to Protect User Privacy In Their Reproductive Health Apps

Source: North Jersey.com

Stronger measures are needed to ensure the privacy of data from smartphone apps that track menstrual periods, fertility and other reproductive health information so that it is not used by abortion opponents to target people seeking abortion services, New Jersey Attorney General Matt Platkin and top law enforcement officers in nine states wrote to Tim Cook, the CEO of Apple Inc.

Apps that track fertility or menstrual periods can be “weaponized” against people when the data is combined with location information and a user’s search history to identify — and potentially prosecute — people who seek abortion, birth control or other reproductive health services, the letter said.

It cited the example of an Indiana woman who was convicted and sentenced in 2015 for terminating her pregnancy, based in part on her texts and web-browsing history, as well as an email from a website that provided abortion-inducing medications. The conviction was subsequently overturned.

“Private purchasers of this sensitive data can use this information to harass, intimidate, or deter individuals who seek or provide reproductive health care,” the letter said. In states that have imposed abortion restrictions, prosecutors could potentially make use of such data to bring cases against people who buy abortion-inducing medications online or who travel to another state for an abortion. 

Many apps don’t meet minimum security standards, such as use of encryption, automatic security updates, strong password requirements and a clear and accessible privacy policy, according to a recent survey by the Mozilla Foundation. It said some apps lack even basic privacy policies, let alone policies that addressed the use of sensitive information.

The letter from the attorneys general asks Apple to require app developers to: 

● Certify to Apple that they will delete data that is not needed for the app, such as search history and location for period-tracking apps.

● Post clear and conspicuous privacy notices on their websites that spell out the circumstances under which personal information will be shared with law enforcement or others. These are especially important for people who have little experience “understanding and navigating the complex data collection and sharing economy,” the letter said.

● Refuse to provide personal information to a third party unless a valid subpoena or court order is served.

● For apps that sync with user health data stored on Apple devices, implement the same privacy and security standards that Apple uses with regards to data. For example, encrypt the data and limit the app’s access to certain information.

A spokeswoman for Apple highlighted the company’s privacy policy: “Any health data synced to iCloud is encrypted both in transit and on our servers. This means that when you use the Cycle Tracking feature and have enabled two-factor authentication, your health data synced to iCloud is encrypted end-to-end and Apple does not have the key to decrypt the data and therefore cannot read it.” 

Abortion is legal and protected in New Jersey. The letter did not mention any cases in New Jersey where private data had been misused.

$414K Food Sustainability Grant Allocated To Bergen County Agencies
TikTok Fake 'Celebrity Death' Trend Called 'Sick,' 'Unsettling'