Apple tells devs: NO slurping users' HEALTH for sale to Dark Powers

By which we mean advertisers

Apple is expected to unveil new products that will use the latest version of its iOS operating system, including new iPhones, on 9 September. But app developers will be prevented from making sensitive user data available to third parties using the "HealthKit" platform.

This is according to the latest version of the firm's licence agreement.

Health, wellbeing and fitness apps using the new platform will be required to link to privacy policies, and will be prevented from using their access to Apple's software for "any purpose other than providing health and/or fitness services", the terms and conditions now state.

Developers – who've already had their hands on the mobile OS since June – will be able to share data with "third parties for medical research purposes", provided that the user consents. However, they will not be able to "sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers", according to the licensing agreement.

Released to developers at the start of June, iOS 8 allows health and fitness apps to communicate with each other, with user permission, through a series of application programming interfaces (APIs) known as HealthKit. For example, a blood pressure app could share data with a healthcare provider's app without any additional input from the user.

Matthew Godfrey-Faussett, a technology law and digital health expert at Pinsent Masons, the law firm behind Out-Law.com, said that the pre-emptive announcement from Apple was not surprising given both the growth of the market for healthcare apps and the "direction of travel" in relation to data privacy. "The data that these apps can collect is highly valuable to a number of different businesses, both because of its sensitivity and because of the growing numbers of people using them, whether for weight loss, fitness or the management of chronic conditions," he said. "Given the huge growth in interest in digital health, it is unsurprising that advertisers, for example, are keen to target health-related data."

"The new HealthKit platform creates an interesting dilemma for Apple. The company will be keen to make its platform as attractive to use for developers as possible, while at the same time protecting users' privacy given the groundswell of public opinion against businesses that have been seen to be loose with sensitive data.

"The new terms also give Apple the opportunity to show regulators that it is increasing the level of protection it provides, given recent cases where technology and service providers have increasing obligations in relation to the management of data published using their platforms," he said.

Owners of mobile devices running Apple's iOS operating system, including iPhones and iPads, can already download thousands of third-party applications enabling them to track exercise, weight loss and sleeping patterns. Many of these apps rely on advertising for their income, especially if they are free to download.

The new HealthKit platform will be included as part of iOS 8 and will enable apps to share data with each other and with Apple's new Health app through a series of APIs with user permission. The Health app will act as a central 'dashboard', allowing users to track metrics including heart rate, calories burned, blood sugar and cholesterol collected from a variety of different apps in one place.

Godfrey-Faussett said that the growth in the market for mobile healthcare apps could also lead to some interesting discussions over data liability and accuracy.

"App-generated data varies markedly in accuracy, and so must be handled carefully," he said. "Not only is it right that health-related data is only shared with third parties in appropriate circumstances for ethical reasons, there is also every chance that that data might be flawed or incomplete."

"In the context of lifestyle and 'wellness' apps, data accuracy might be the difference that makes one app better than a competitor's. Questions of legal liability - the developer's, or the platform's - could arise in the context of apps related to 'illness', such as those that measure data for the purposes of managing chronic conditions," he said.

In the UK, the Medicines and Healthcare Products Regulations Agency (MHRA) has suggested that app stores and suppliers of software that could be defined as a 'medical device' would not be able to avoid the application of the relevant regulatory regime, such as through the use of disclaimers in their terms and conditions. Strict rules set at EU level govern the safety and marketing of medical devices.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.
