Attorneys general in nine states and the District of Columbia are urging Apple this week to introduce new App Store requirements designed to safeguard sensitive health data linked to reproductive care.
In a letter to Apple CEO Tim Cook, the dozen chief law enforcement officials accused the company of leaving open a “gap” in its data protection policies that, they said, “threatens the privacy and safety of App Store consumers, and runs directly counter to Apple’s public expressed commitment to protect user data.”
The officials are asking Cook to implement new rules on app developers requiring the deletion of non-essential data, including the location and search histories of users “seeking, accessing, or helping to provide reproductive health care.”
Additionally, the officials urged Apple to demand app makers certify they’d only disclose reproductive health data in response to a “valid subpoena, search warrant, or court order.” App makers should be required, the officials said, to provide “clear and conspicuous notices” to consumers whenever there’s a potential for such health data to be disclosed to third parties.
“Third-party apps available on the App Store collect consumers’ private reproductive health data, which can be weaponized against consumers by law enforcement, private entities, or individuals,” the officials said.
The letter proclaims Apple customers have made their concerns about the way mobile apps are handling reproductive data clear in the wake of Dobbs v. Jackson, the Supreme Court case that eliminated the constitutional right to an abortion after almost 50 years. And while Apple frequently touts that privacy is among its “core values,” the company has “not done enough” in this particular regard, the letter says.
“Consumers cannot trust Apple’s privacy promises if applications on the App Store are not required to take active measures to protect this sensitive health data,” the officials added.
The letter is signed by New Jersey Attorney General Matt Platkin, who led the effort to approach Cook, as well as the attorneys general for California, Connecticut, the District of Columbia, Illinois, Massachusetts, North Carolina, Oregon, Vermont and Washington state.
At the time of writing, the repeal of the landmark Roe v. Wade decision has either triggered or resulted in state laws banning most abortions in 13 states. This includes nine states where no exceptions are made for victims of rape or incest. (Mississippi’s law includes an exception for rape, but not incest.)
Republican legislators in eight other states have attempted to pass bans but are being blocked by courts at present while legal battles play out.
The criminalization of abortion has ignited new fears over the digital surveillance practices of state and local law enforcement agencies, particularly in states such as Texas, where people face potential criminal prosecution for helping abortion seekers travel to other states where care is still legal.
There are also concerns in Texas that judges could order internet companies to surrender data in civil cases arising from the state’s abortion bounty system. The system effectively deputizes ordinary citizens to sue anyone involved in performing an abortion. Vigilante claimants stand to collect cash payments of $10,000 in each case won.
Of equal concern is law enforcement agencies potentially sidestepping the courts altogether and using a Fourth Amendment loophole to purchase location data. While the Supreme Court has held that it is unconstitutional for police to compel access to location data without a warrant, the US Justice Department and other countless agencies have determined that buying it instead is legal.
State and local police agencies are already known to purchase software that uses mobile app data to track people’s movements. Such tools have the potential to be used to track activity around women’s health clinics or to help prosecutors surface evidence against anyone traveling out of state for a procedure.
In their letter to Apple, the nine attorneys general also highlighted specific concerns around period trackers, pregnancy and fertility apps, and health and fitness wearable devices. Citing a recent survey by the nonprofit Mozilla Foundation, the officials noted that many apps failed to meet minimum security standards, and that some even lacked “basic privacy policies, let alone policies that addressed the use of sensitive information.”
“We acknowledge Apple’s commitment to privacy and security across its products, as evidenced by its use of encryption to protect user health data as well as its transparency into law enforcement requests for user data,” the officials said. “But that alone is insufficient if third-party apps on the App Store fail to respect and adhere to Apple’s privacy ethos.”