Attorneys general from nine states and the District of Columbia are urging Apple to safeguard reproductive health data like menstrual cycles, fertility and other information on apps available on the App Store in the wake of the Supreme Court decision overturning Roe v. Wade.
The group, which is led by New Jersey Attorney General Matt Platkin and also includes attorneys general from California, Connecticut, the District of Columbia, Illinois, Massachusetts, North Carolina, Oregon, Vermont and Washington state, wrote a letter to Apple CEO Tim Cook this week requesting “privacy-enhancing” measures from the company.
In June, several lawmakers called for the Federal Trade Commission to probe the mobile tracking policies of Google and Apple. President Joe Biden issued an executive order in July asking the Federal Trade Commission and the Department of Health and Human Services to help protect reproductive health care privacy.
While the letter from the attorneys general acknowledges that Apple has adopted some privacy and security standards to safeguard user data as one of its “core values,” it points out that many third-party apps on the App Store that collect sensitive information about users’ reproductive health have failed to meet those standards.
A recent Mozilla Foundation assessment of 25 major reproductive health apps and wearable devices found that at least 18 of them presented privacy and security concerns. Most of the apps the Mozilla Foundation reviewed lacked clear guidelines about when and under what circumstances users’ data might be shared with law enforcement, and several even used such data without users’ consent.
Some commonly used apps that track reproductive health information, including menstrual cycles, are Flo, Glow, Ovia, Period Calendar Period Tracker and My Calendar Period Tracker.
“When it comes to app data related to reproductive health … Apple has not done enough,” the letter reads, saying that these “gaps” in Apple’s privacy policies could leave users vulnerable to legal action or harassment by law enforcement.
The Supreme Court’s June 24 decision in Dobbs v. Jackson Women’s Health Organization overturned Roe v. Wade and gave states the option to restrict or protect abortion. In 13 states, most abortions are now outlawed, while new abortion restrictions are facing court challenges in other states. Sixteen states plus Washington, D.C., have laws in place preserving the right to abortion.
The attorneys generals’ letter cited the case of a woman in Indiana who, in 2015, became the first woman in the United States to be charged, convicted and sentenced for terminating her own pregnancy; the state prosecutor used evidence including text messages, web history and an email from a website that sold medication to induce abortions. Her conviction was subsequently overturned.
“Protecting reproductive privacy in the wake of the Dobbs decision is paramount. Despite promoting privacy as one of its ‘core values’ Apple simply has not done enough to ensure that private reproductive health data collected and stored by apps will not be used to track, harass, or criminalize those seeking to exercise their reproductive freedoms,” Platkin said in a statement on Monday.
The attorneys general have urged Apple to require app developers to certify their privacy safeguards and also recommend that third-party apps should delete sensitive data that isn’t necessary to use the app, including location and search history.
“Deletion is the first line of defense to protect consumers who, often unknowingly, leave digital trails of their actions to obtain or provide reproductive health care,” the letter reads, arguing that this measure will prevent the flow of app data to those who want to exploit it or punish people seeking reproductive care.
The letter also says that app developers must “clearly” and “conspicuously” inform users if and when the apps would disclose reproductive health data to law enforcement and that disclosures “should not be hidden in lengthy, unclear policies that vary from app to app.”
The letter also recommends that apps that sync with users’ health data stored on Apple devices adopt the same security and privacy standards that Apple does, such as encrypting data and restricting the app’s access to specific pieces of information.
“Consumers cannot trust Apple’s privacy promises if applications on the App Store are not required to take active measures to protect this sensitive health data,” the letter said, adding that these steps will ensure that Apple stays true to its commitment “to provide a safe experience for users.”
Read the full letter below.