Apple tightens privacy rules for health apps
August 28, 2014 6:23 pm
Apple tightens privacy rules for health apps
By Tim Bradshaw in San Francisco
Apple is tightening up its privacy rules to ensure a new
generation of health and fitness apps are not thwarted by growing concerns over
how developers use personal data.
The rules will stop personal data collected through
Apple’s new HealthKit platform being used to target adverts for products such
as weight loss remedies.
HealthKit, which will track data including exercise
levels and sleep, is one of the key features of a new mobile operating system
that will next month launch alongside a new iPhone and a highly anticipated
wearable device, dubbed the iWatch by pundits.
Shares in Apple touched a fresh high on Thursday after
Apple sent out invites for a media launch on September 9, at which the group is
expected to unveil new iPhones and possibly a wearable device.
Health apps, which can track intimate data such as heart
rate, have seen a spike in popularity in the past year. But studies by
regulators and privacy groups have found some developers pass user data on to
advertising networks, often without telling the customer.
In the latest update to Apple’s iOS developer program
licence agreement, Apple said developers must “not sell an end-user’s health
information collected through the HealthKit API to advertising platforms, data
brokers or information resellers”.
The privacy clampdown comes as Apple seeks to
differentiate itself against rival Google, which relies on targeted ads for
much of its income.
In June, Apple unveiled its Health app, a new dashboard
to allow iPhone owners to track their heart rate, calorie intake, movement and
other fitness metrics from a variety of different apps in a single place.
Underlying the dashboard is the HealthKit system, which allows developers to
contribute data from their own apps and draw on information from others if
users grant permission.
Developers who want to tap into HealthKit's application
programming interface (API) must commit to a new set of rules, including a
requirement to link to a privacy policy.
HealthKit apps must not use the API or any information obtained
through it “for any purpose other than providing health and/or fitness
services”, Apple’s new rules state. All apps participating in the scheme must
offer privacy policies
Apps that break these rules risk ejection from the App
Store, while any breach of a privacy policy could involve federal regulatory
enforcement.
The move from an App Store dominated by games and chat
apps into health and fitness introduces much greater regulatory complexity for
Apple and the people who create software for its iPhone and iPad.
Above and beyond its already-strict rules for developers,
Apple is being extra careful in how it curates Health apps, after consulting
with regulators. In January, Apple executives discussed “medical applications”
with the US Food and Drug Administration, the agency’s records have shown.
In June, Flurry, a mobile analytics firm recently
acquired by Yahoo, reported a 62 per cent increase in usage of health apps,
outpacing the wider market’s growth.
Many of those apps, especially if they are free to
download, rely on advertising for their income.
Last year, Privacy Clearing House, a campaign group,
found that 43 per cent of the health apps it studied shared user-generated
personally identifiable information with advertisers. A study earlier this year
by the US Federal Trade Commission found that a sample of 12 fitness apps
transmitted users' information around dietary and workout habits to 76 third
parties.
HealthKit is aggregating data from what will likely be
multiple sources . . . Apple is being very careful as to how that is utilised
or controlled. It’s Apple tightening control on developers
- Geoff Blaber, analyst at CCS Insight
Some app makers are already working to combat these
concerns.
Earlier this month, Fitbit, a leading maker of fitness
tracking devices, put out a reworded privacy policy that made no changes to its
terms but tried to explain them in clearer language. “We don’t sell any data
that could identify you,” Fitbit's new policy says.
“HealthKit is aggregating data from what will likely be
multiple sources within one location on the device,” says Geoff Blaber, an
analyst at CCS Insight. “Apple is being very careful as to how that is utilised
or controlled. It’s Apple tightening control on developers.”
The new protections around health data follow Apple’s
previous attempts to offer more privacy controls around developers’ access to
an iPhone’s location or uploading their address book, areas which have caused
controversy in the past. Just last month, Apple faced criticism from the
Chinese media over the iPhone's location-tracking capabilities; Apple denied
any risk to national security.
In the wake of Edward Snowden’s revelations about spy
agencies’ attempts to tap tech companies’ huge data troves for surveillance,
the new iOS 8 update will include several other new privacy features. These
include regular prompts to confirm that apps can continue to track location,
new ways to block tracking cookies in its Safari web browser, and end-to-end
encryption of iMessages.
“Apple faces this increasingly tricky balance of ensuring
they are carefully regulating the data developers have access to, with
developers’ desire to create ever more innovative apps and services,” Mr Blaber
said. “Apple has always closely controlled what comes through the App Store,
far more so than Google.”
“There are lots of privacy and ethical implications, for
sure, but there is also great opportunity here to make a meaningful difference
on the aggregate health of the world,” says Jason Jacobs, chief executive of
exercise app Runkeeper, of Apple’s Healthkit initiative. “If they are
successful, it could make things both easier for developers and more valuable
for consumers and for healthcare in general.”
Copyright The Financial Times Limited 2014.
Comments
Post a Comment