Feeds

Apple tells devs: NO slurping users' HEALTH for sale to Dark Powers

By which we mean advertisers

Internet Security Threat Report 2014

Apple is expected to unveil new products that will use the latest version of its iOS operating system, including new iPhones, on 9 September. But app developerswill be prevented from making sensitive user data available to third parties using the "HealthKit" platform.

This is according to the latest version of the firm's licence agreement.

Health, wellbeing and fitness apps using the new platform will be required to link to privacy policies, and will be prevented from using their access to Apple's software for "any purpose other than providing health and/or fitness services", the terms and conditions now state.

Developers – who've already had their hands on the mobile OS since June – will be able to share data with "third parties for medical research purposes", provided that the user consents. However, they will not be able to "sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers", according to the licensing agreement.

Released to developers at the start of June, iOS 8 allows health and fitness apps to communicate with each other through a series of application programming interfaces (APIs) known as HealthKit with user permission. For example, a blood pressure app could share data with a healthcare provider's app without any additional input from the user.

Matthew Godfrey-Faussett, a technology law and digital health expert at Pinsent Masons, the law firm behind Out-Law.com, said that the pre-emptive announcement from Apple was not surprising given both the growth of the market for healthcare apps and the "direction of travel" in relation to data privacy. "The data that these apps can collect is highly valuable to a number of different businesses, both because of its sensitivity and because of the growing numbers of people using them, whether for weight loss, fitness or the management of chronic conditions," he said. "Given the huge growth in interest in digital health, it is unsurprising that advertisers, for example, are keen to target health-related data."

"The new HealthKit platform creates an interesting dilemma for Apple. The company will be keen to make its platform as attractive to use for developers as possible, while at the same time protecting users' privacy given the groundswell of public opinion against businesses that have been seen to be loose with sensitive data.

"The new terms also give Apple the opportunity to show regulators that it is increasing the level of protection it provides, given recent cases where technology and service providers have increasing obligations in relation to the management of data published using their platforms," he said.

Owners of mobile devices running Apple's iOS operating system, including iPhones and iPads, can already download thousands of third-party applications enabling them to track exercise, weight loss and sleeping patterns. Many of these apps rely on advertising for their income, especially if they are free to download.

The new HealthKit platform will be included as part of iOS8 and will enable apps to share data with each other and with Apple's new Health app through a series of APIs with user permission. The Health app will act as a central 'dashboard', allowing users to track metrics including heart rate, calories burned, blood sugar and cholesterol collected from a variety of different apps in one place.

Godfrey-Faussett said that the growth in the market for mobile healthcare apps could also lead to some interesting discussions over data liability and accuracy.

"App-generated data varies markedly in accuracy, and so must be handled carefully," he said. "Not only is it right that health-related data is only shared with third parties in appropriate circumstances for ethical reasons, there is also every chance that that data might be flawed or incomplete."

"In the context of lifestyle and 'wellness' apps, data accuracy might be the difference that makes one app better than a competitor's. Questions of legal liability - the developer's, or the platform's - could arise in the context of apps related to 'illness', such as those that measure data for the purposes of managing chronic conditions," he said.

In the UK, the Medicines and Healthcare Products Regulations Agency (MHRA) has suggested that app stores and suppliers of software that could be defined as a 'medical device' would not be able to avoid the application of the relevant regulatory regime, such as through the use of disclaimers in their terms and conditions. Strict rules set at EU level govern the safety and marketing of medical devices.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Security for virtualized datacentres

More from The Register

next story
Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
Windows NEIN skipped, tech preview due out on Wednesday
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.