FTC taking Apple to task over health data

Apple insists it won't sell user health info

At this point in our collective cultural existence, privacy is a thing of the past. We’re all walking targets. Between social media and search ads, we don’t stand a chance. Now sprinkle in a few health monitoring devices and boom! Big data knows us inside and out.

The FTC is reportedly looking at Apple to make sure it’s protecting user health data from being used without the consent of its device owners, according to two sources who spoke to Reuters.

So far, it looks as though no official inquiry or investigation is being launched into the maker of the soon-to-be-released Apple Watch, but the Federal Trade Commission and Apple have reportedly met on several occasions over the past few months to hammer out how Apple plans to protect user health data. Apparently, the FTC has been zeroing in on the Apple Watch and its ability to track the wearer’s pulse. Apple has repeatedly assured the Commission that it won’t sell health data or allow third parties to do so.

It’s a dicey matter, given the fact that a recent FTC study found that many health app developers do indeed share and sell user health data. The Commission looked into 12 mobile health apps and found that the developers were sharing user data with no fewer than 76 different parties, including advertisers. The study found that 14 of those parties acquired names, user names, and email info, while 22 parties got medical symptom searches, zipcodes, gender info, as well as diet and exercise data.

The FTC’s Chief Technologist, Latanya Sweeney, has expressed concern over the fact that such information could be used against users by employers, insurers, and financial institutions.

Health apps are not regulated by the FDA because they don’t meet the definition of a medical device, but the FTC does have some (limited) ability to punish companies for breaking promises of security and confidentiality to consumers.

Apple’s on it, though. The company is said to be considering appointing an in-house health privacy “czar.” And back in August, Apple bolstered its privacy policies by ensuring that health data collected by HealthKit could not be used by developers for advertising or other data mining purposes. Apple also has clear opt-in rules, requiring users to give consent before app developers are granted access to their health information. Additionally, data collected via the Apple Watch will remain encrypted on that device.