Apple to devs: NO slurping users' HEALTH for sale to Dark Powers

By which we mean advertisers

Apple is expected to unveil new products that will use the latest version of its iOS operating system, including new iPhones, on 9 September. But app developers – who've already had their hands on the mobile OS since June – will be prevented from making sensitive user data available to third parties using the "HealthKit" platform.

This is according to the latest version of the firm's licence agreement.

Health, wellbeing and fitness apps using the new platform will be required to link to privacy policies, and will be prevented from using their access to Apple's software for "any purpose other than providing health and/or fitness services", the terms and conditions now state.

Developers will be able to share data with "third parties for medical research purposes", provided that the user consents. However, they will not be able to "sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers", according to the licensing agreement.

Released to developers at the start of June, iOS 8 allows health and fitness apps to communicate with each other, with user permission, through a series of application programming interfaces (APIs) known as HealthKit. For example, a blood pressure app could share data with a healthcare provider's app without any additional input from the user.

Matthew Godfrey-Faussett, a technology law and digital health expert at Pinsent Masons, the law firm behind Out-Law.com, said that the pre-emptive announcement from Apple was not surprising given both the growth of the market for healthcare apps and the "direction of travel" in relation to data privacy. "The data that these apps can collect is highly valuable to a number of different businesses, both because of its sensitivity and because of the growing numbers of people using them, whether for weight loss, fitness or the management of chronic conditions," he said. "Given the huge growth in interest in digital health, it is unsurprising that advertisers, for example, are keen to target health-related data."

"The new HealthKit platform creates an interesting dilemma for Apple. The company will be keen to make its platform as attractive to use for developers as possible, while at the same time protecting users' privacy given the groundswell of public opinion against businesses that have been seen to be loose with sensitive data.

"The new terms also give Apple the opportunity to show regulators that it is increasing the level of protection it provides, given recent cases where technology and service providers have increasing obligations in relation to the management of data published using their platforms," he said.

Owners of mobile devices running Apple's iOS operating system, including iPhones and iPads, can already download thousands of third-party applications enabling them to track exercise, weight loss and sleeping patterns. Many of these apps rely on advertising for their income, especially if they are free to download.

The new HealthKit platform will be included as part of iOS 8 and will enable apps to share data with each other and with Apple's new Health app through a series of APIs with user permission. The Health app will act as a central 'dashboard', allowing users to track metrics including heart rate, calories burned, blood sugar and cholesterol collected from a variety of different apps in one place.

Godfrey-Faussett said that the growth in the market for mobile healthcare apps could also lead to some interesting discussions over data liability and accuracy.

"App-generated data varies markedly in accuracy, and so must be handled carefully," he said. "Not only is it right that health-related data is only shared with third parties in appropriate circumstances for ethical reasons, there is also every chance that that data might be flawed or incomplete."

"In the context of lifestyle and 'wellness' apps, data accuracy might be the difference that makes one app better than a competitor's. Questions of legal liability - the developer's, or the platform's - could arise in the context of apps related to 'illness', such as those that measure data for the purposes of managing chronic conditions," he said.

In the UK, the Medicines and Healthcare Products Regulations Agency (MHRA) has suggested that app stores and suppliers of software that could be defined as a 'medical device' would not be able to avoid the application of the relevant regulatory regime, such as through the use of disclaimers in their terms and conditions. Strict rules set at EU level govern the safety and marketing of medical devices.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.
