NJ urges privacy for reproductive health app

By: Lindy Washburn
NorthJersey.com
USA Today Network - New Jersey

..... Strong measures are needed to ensure the privacy of data from smartphone apps that track menstrual periods, fertility, and other reproductive health information so that it is not used by abortion opponents tot target people seeking services, the attorneys general in 10 states told apple, Incorporated on Monday. [11/21/2022]
..... Led by New Jersey Attorney General Matt Platkin, the top law enforcement officer in 10 states that protect abortion rights wrote Tim Cook, the Apple CEO.
..... "Apple has not done enough," the letter said, requesting that the company take additional steps to ensure that third-party apps that sue the Apple platform adhere to the same privacy standards as Apple. People downloading the apps form the App Store expect the same standards of privacy and security as Apple provides, the letter said.
..... "You say, 'Wat happens on your iPhone stays on your iPhone.' We intend to hold yo to that," Platkin tweeted Monday. [11/21/2022]
..... Some commonly used apps that track reproductive health information are Flo, Ovia and Bellabeat.
..... The Supreme Court;s June 24 [2022] decision overturing Roe v. wade gave the states the power to restrict or protect abortion services. Currently, most abortions are outlawed in 13 states, while court challenges of new restrictions are underway in others. Sixteen states protect the right to an abortion.
..... The letter to Apple was signed by attorneys general from California, Connecticut, Illinois, North Carolina, Oregon, Vermont, Washington and the District of Columbia, as well as New Jersey. Maure Healey, the current attorney general and governor-elect of Massachusetts, also signed it.
..... Apps that track fertility or menstrual periods can be "weaponized" against people when the data is combined with location information and a user's search history to identify - and potentially prosecute - people who seek abortion, birth control or other reproductive health services, the letter said.
..... It cited the example of an Indian woman who was convicted and sentenced in 2015 for terminating her pregnancy,based in part on her texts and web-browsing history, as well as an email from a website that provided abortion-inducing medications. The conviction was subsequently overturned.
..... "Private purchasers of this sensitive data can use this information to harass, intimidate, or deter individuals who seek or provide reproductive health care," the letter said. In states that have imposed abortion restrictions following the U.S. Supreme Court;s Dobbs v. Jackson Women's Health Organization, prosecutors could potentially make use of such data to bring cases against people who buy abortion-inducing medications Online or who travel to another state for an abortion.
..... Abortion is legal and protected in New Jersey. The letter did not mention any cases in New Jersey where private data had been misused.
..... President Joe Biden in July [2022] order about protecting data privacy Online, and assigned responsibility to the Federal Trade Commission and the Department of Health and Human Services.
..... Many apps don't meet minimum security standards such as sue of encryption, automatic security updates, strong password requirements, and a clear and accessible privacy policy, according to a recent survey by the Mozilla Foundation. It said that some apps lack even basic privacy policies, let alone policies that addressed the use of sensitive information.
..... The attorney generals' letter asks Apple to require app developers to:
* Certify to Apple that they will delete data that is not needed for the app, such as search history and location for period-tracking apps.
* Post clear and conspicuous privacy notices on their websites that spell out the circumstances under which personal information will be shared with law enforcement or others. These are especially important for people who have little experience "understanding and navigating the complex data collection and sharing economy," the letter said.
* Refuse to provide personal information to a third party unless served a valid subpoena or court order is served.
* For apps that sync with user health data stored on Apple devices, implement the same privacy and security standards that Apple sues with regards to data. For example, encrypt the data and limit the app's access to certain information.
..... The letter also asks Apple to audit the third-party apps so that they continue to comply with Apple's standards.
..... A spokeswoman for Apple highlighted the company;s privacy policy. "When your phone is locked with a pass-code, Touch ID, or Face ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted," according to the policy. "Any health data synced to iCloud is encrypted both in transit and on our servers.
..... "This means that when you use the Cycle tracking feature and have enabled two-factor authentication, your health data synced to iCloud is encrypted end-to-end and Apple does not have the key to decrypt the data and therefore cannot read it."
..... Users have "fine-grained control" over the information they share with health-related apps, the spokeswoman said. "The user must explicitly grant each app permission to read and write data to the HealthKit store. Users can grant or deny permission separately for each type of data."

HOME