
Apple tells devs: NO slurping users' HEALTH for sale to Dark Powers

By which we mean advertisers


Apple is expected to unveil new products that will use the latest version of its iOS operating system, including new iPhones, on 9 September. But app developers will be prevented from making sensitive user data available to third parties using the "HealthKit" platform.

This is according to the latest version of the firm's licence agreement.

Health, wellbeing and fitness apps using the new platform will be required to link to privacy policies, and will be prevented from using their access to Apple's software for "any purpose other than providing health and/or fitness services", the terms and conditions now state.

Developers – who've already had their hands on the mobile OS since June – will be able to share data with "third parties for medical research purposes", provided that the user consents. However, they will not be able to "sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers", according to the licensing agreement.

Released to developers at the start of June, iOS 8 allows health and fitness apps to communicate with each other, with user permission, through a series of application programming interfaces (APIs) known as HealthKit. For example, a blood pressure app could share data with a healthcare provider's app without any additional input from the user.

Matthew Godfrey-Faussett, a technology law and digital health expert at Pinsent Masons, the law firm behind Out-Law.com, said that the pre-emptive announcement from Apple was not surprising given both the growth of the market for healthcare apps and the "direction of travel" in relation to data privacy. "The data that these apps can collect is highly valuable to a number of different businesses, both because of its sensitivity and because of the growing numbers of people using them, whether for weight loss, fitness or the management of chronic conditions," he said. "Given the huge growth in interest in digital health, it is unsurprising that advertisers, for example, are keen to target health-related data."

"The new HealthKit platform creates an interesting dilemma for Apple. The company will be keen to make its platform as attractive to use for developers as possible, while at the same time protecting users' privacy given the groundswell of public opinion against businesses that have been seen to be loose with sensitive data.

"The new terms also give Apple the opportunity to show regulators that it is increasing the level of protection it provides, given recent cases where technology and service providers have increasing obligations in relation to the management of data published using their platforms," he said.

Owners of mobile devices running Apple's iOS operating system, including iPhones and iPads, can already download thousands of third-party applications enabling them to track exercise, weight loss and sleeping patterns. Many of these apps rely on advertising for their income, especially if they are free to download.

The new HealthKit platform will be included as part of iOS 8 and will enable apps, with user permission, to share data with each other and with Apple's new Health app through a series of APIs. The Health app will act as a central 'dashboard', allowing users to track metrics including heart rate, calories burned, blood sugar and cholesterol collected from a variety of different apps in one place.

Godfrey-Faussett said that the growth in the market for mobile healthcare apps could also lead to some interesting discussions over data liability and accuracy.

"App-generated data varies markedly in accuracy, and so must be handled carefully," he said. "Not only is it right that health-related data is only shared with third parties in appropriate circumstances for ethical reasons, there is also every chance that that data might be flawed or incomplete."

"In the context of lifestyle and 'wellness' apps, data accuracy might be the difference that makes one app better than a competitor's. Questions of legal liability - the developer's, or the platform's - could arise in the context of apps related to 'illness', such as those that measure data for the purposes of managing chronic conditions," he said.

In the UK, the Medicines and Healthcare Products Regulations Agency (MHRA) has suggested that app stores and suppliers of software that could be defined as a 'medical device' would not be able to avoid the application of the relevant regulatory regime, such as through the use of disclaimers in their terms and conditions. Strict rules set at EU level govern the safety and marketing of medical devices.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.
