Apple health's privacy issues

Apple Health’s Privacy Issues

I’m wrong often enough that it’s a refreshing change of course when someone actually shares my sentiments.

I wrote an article not too long ago about one of Apple’s latest features that is set to roll out with iOS 8, Apple Health, and I expressed my concerns about Apple Health’s privacy issues with handing over sensitive data concerning health and fitness.

Apparently the Attorney General of Connecticut has some of the same concerns.

In an open letter published on September 12, George Jepsen, the Attorney General officially requested a meeting with Tim Cook, Apple’s CEO to discuss privacy issues that could possibly arise from Apple’s latest big thing. His concerns are a little different than mine are, though. Where I wonder if Apple is trustworthy enough to take care of the data it collects from our devices at all, Jepsen is more concerned about the logistics. He asks questions like

  • Will Apple review the privacy policies from 3rd party developers who use data from Apple Health?
  • How Apple is planning on safeguarding personal information, both on device and in the Cloud?
  • Exactly what kind of data Apple Health be collecting from its users?
  • How will Apple, and the 3rd party developers that it intends to police, obtain consent to both obtain and make use of this data?
  • How will Apple ensure 3rd party developers’ compliance with privacy standards?

These are all excellent questions that have a very real impact on how Apple Health is going to work. How will Apple ensure that the data that they collect be used in an ethical manner? How is the company going to prevent shady developers from creating apps with the express purpose of collecting data and then selling it to other interested parties?

Of course, with the current scope of the program, it’s not really that big of a concern. There are not a lot of people who are terribly interested in how many flights of stairs you climbed today, or how many calories you had at lunch. From how hard Apple is pushing it’s glorified pedometer, though, it can’t be long before they add more functionality to the program. This could range from remotely controlling or monitoring devices like insulin pumps and Pacemakers, to reminding someone to take certain medications (and notifying their doctor if they don’t), to even calling 911 in the case of an emergency.

Even in it’s current, rather benign state, however, a breach of privacy can still be a major concern. For example, what happens when someone creates an app for the express purpose of turning around and selling that data to insurance companies? Suddenly this glorified pedometer and calorie tracker becomes a very real tool that insurance companies can use to hike up already astronomical rates on asinine excuses. Oooh, I’m sorry. It looks like you consumed 1,000 calories too many over the last month. I’m afraid that’ll cost you an extra $50 a month. What’s this? It looks like you’re not exercising on a regular basis. That’s going to be an extra $120 if you want us to insure you.

Insurance companies don’t even have to come out and say that they’re using data that’s been collected on the down low. They can simply hike up rates without any sort of justification at all, or even just with a flimsy excuse.

Of course, one might say that this isn’t necessarily a bad thing. There are already programs where logging exercise can land you lower insurance rates, so we’ll just have to see which way the market turns.

At any rate, Jepsen’s concerns are especially valid given the recent scandal where iCloud accounts were hacked and nude photos of actresses were leaked for all to see. Given that health information is infinitely more sensitive and damaging than a couple of naked pics, a bit of skepticism is perfectly justifiable.