Press Releases

Attorney General William Tong

11/23/2022

Attorney General Tong Urges Apple to Protect Consumers’ Reproductive Health Information Through Apple App Store in the Wake of U.S. Supreme Court Dobbs Decision

Letter to Apple CEO Highlights Security Gaps Posing Risks to Privacy & Safety of App Users

(Hartford, CT) -- Attorney General William Tong joined a coalition of ten attorneys general urging Apple to protect consumers’ private reproductive health information on apps available through its App Store following the U.S. Supreme Court’s Dobbs decision overturning Roe v. Wade.

In a letter sent to Apple CEO Tim Cook this week, Attorney General Tong joined the coalition in calling for privacy-enhancing measures to protect the private reproductive health data collected from users of apps hosted on Apple’s App Store to prevent individuals seeking or providing abortion care from potential action and harassment by law enforcement, private entities, or individuals.

“From basic health and wellness apps, to period tracking, fertility and pregnancy tracking apps, we have enabled our phones to collect, retain—and sometimes share—our most personal and private reproductive health information. Apple says it has strong privacy and security measures for its devices, yet those protections do not extend to the apps they host on their store. Apple can and must do better to demand robust privacy protections and to ensure private reproductive health information is not used to criminalize and harass those seeking and providing abortion care,” said Attorney General Tong.

While Apple has adopted privacy and security measures consistent with its stated goals of protecting consumers’ privacy, the attorneys general note that apps hosted on Apple’s App Store frequently fail to meet these same standards and protections for this sensitive data. This gap in Apple’s protections threatens the privacy and safety of App Store consumers, and runs directly counter to Apple’s publicly expressed commitment to protect user data, according to the letter.

Given the demonstrated risk that location history, search history, and adjacent health data poses to individuals seeking or providing abortions or other reproductive health care, the coalition urges Apple to require app developers to either certify to Apple or affirmatively represent in their privacy policies that they will take the following security measures:

Delete data not essential for the use of the application, including location history, search history, and any other related data of consumers who may be seeking, accessing, or helping to provide reproductive health care;

Provide clear and conspicuous notices regarding the potential for App Store applications to disclose user data related to reproductive health care, and require that applications do so only when required by a valid subpoena, search warrant, or court order; and

Require App Store applications that collect consumers’ reproductive health data or that sync with user health data stored on Apple devices to implement at least the same privacy and security standards as Apple with regards to that data.
The proposed measures would safeguard reproductive health information from being wrongfully exploited by those who would use it to harm pregnant women or providers and are consistent with Apple’s professed promises of privacy protection on the App Store, the letter explains.
Today’s letter details several reasons why it is necessary for Apple to pursue each of these data-protection measures in the wake of the Dobbs decision.

The letter explains that deleting data related to reproductive health care is the first line of defense to protect consumers who, often unknowingly, leave digital trails of their actions to obtain or provide reproductive health care. At the same time, the letter highlights that what data apps do retain and share is often obscured by vague and unclear privacy policies—making it impossible for consumers to make informed decisions about who to trust with their sensitive reproductive health data. This makes it critical for Apple to ensure that apps provide clear and conspicuous notices regarding third-party access to reproductive health data, the letter explains.

Finally, the letter makes it clear that it’s not enough that Apple protects the reproductive health data it collects and stores. Apple’s purported commitment to privacy and consumer protection demands that the company require the same vigilance on the part of third-party apps that sync with Apple Health, as well as apps that collect reproductive health data from consumers.

Specifically, the letter urges Apple to implement a clear process to audit third-party apps’ compliance with Apple’s privacy and security standards. At a minimum, Apple should require apps on the App Store to meet certain threshold security requirements, such as encryption of biometric and other sensitive health data stored on applications, use of end-to-end encryption when transmitting said data, and compliance with Apple’s user opt-out controls. Compliance with these measures should be represented in the privacy policies of App Store apps. Long-term, Apple should conduct periodic audits and remove or refuse to list third-party apps in violation of these standards.

In signing the letter, Attorney General Tong joins the attorneys general of New Jersey, California, Oregon, Massachusetts, Washington, North Carolina, Illinois, Vermont, and Washington, D.C.

A copy of the letter is available here.
Twitter: @AGWilliamTong
Facebook: CT Attorney General
Media Contact:

Elizabeth Benton
elizabeth.benton@ct.gov

Consumer Inquiries:

860-808-5318
attorney.general@ct.gov