Apple has taken great pains in the past to emphasize its stance on privacy. And in its newest ad campaign, the tech company is spotlighting how it protects data collected through the company’s Health app and HealthKit specifically.
The campaign comes at a time when many people are more concerned with the privacy of their health data than ever before. After the overturn of Roe v. Wade 11 months ago, many people began questioning how far antiabortion states would go and wondering if period-tracking apps could be used to prosecute people who sought out abortions. While it sounded far-fetched, in August 2022, a 17-year-old and her mother were arrested after a search warrant allowed police to read the teen’s Facebook DMs, which contained information about an alleged self-managed abortion. The teen pled guilty to related charges in May 2023; her mother’s trial is ongoing.
Apple’s campaign doesn’t explicitly mention the Dobbs decision, or give too much attention to its Cycle Tracking feature in particular. But it does stress how much control users have over who gets to see their private health information — and how little Apple is able to see.
“We’re particularly attentive to privacy issues when it comes to health,” Katie Skinner, a leader on Apple’s privacy engineering team, tells POPSUGAR.
“We believe our users should expect the same confidentiality from their technology as they do from their doctor,” says Lauren Cheung, MD, a senior manager on the clinical team at Apple. “I’m a physician myself, and I know just how sensitive some conversations are. Patients are telling me information that sometimes they’ve never told anyone else. And they do that because they’re confident in the privacy of our conversation. We believe our users should have that same kind of trust for the devices they’re using every day. As we create health features, we believe you should decide what you want to share and who you want to share it with, and you should have the ability to stop sharing that information at any time.”
The company shows just how important privacy is in an ad released on May 24, which humorously shows a waiting room full of people reacting while their most personal health complaints and habits — from hemorrhoids and night sweats to step counts and handwashing frequency — are broadcast aloud, narrated by Jane Lynch.
Skinner outlines the major ways Apple protects users’ health data, which are also detailed in a white paper released by the tech company on May 24. For starters, when your iPhone is locked via a passcode, Touch ID, or Face ID, all Health app data is encrypted, Skinner explains. Data backed up to the iCloud is encrypted in transit, and once it’s in the cloud.
A second method of protection is that users must grant explicit permission to share Health app or HealthKit data — and what types of data they share — with third-party apps.
The ability of third-party apps to read and write private information from your phone is of major concern to many smartphone users, and has been a topic of past Apple privacy campaigns. In this new campaign, Apple emphasizes that it requires third-party apps that request to read or write Health app data to use that data for health or fitness purposes, and to never use it for advertising or sell it to data brokers.
Before downloading any app, Skinner advises people to “look at the Privacy Nutrition Label, which gives them great information about what data is collected by that app, if it’s linked to them, used for tracking, etc., to help make the decision of do they want to share information with that app.”
Skinner also points people to the tips in the iPhone user guide that outline how users can review and lock down their privacy.
When asked what this all means for providing subpoenaed health data — say cycle-tracking info — Skinner reiterates Apple’s commitment to privacy via highly protected encryption. “This health data is stored encrypted on the device, and when it’s sent to iCloud, it is end-to-end encrypted with a default two-factor authentication and a passcode,” she says. “What that means is it’s backed up in a way that Apple cannot read it. So only you can decrypt and access your information and only on trusted devices where you are signed in with your Apple ID. No one else, not even Apple, can access this end-to-end encrypted data.”
So they wouldn’t be able to provide your information? “I’m an engineer, not a lawyer,” Skinner says. “But as we’ve described, Apple cannot read users’ health data when they have default two-factor authentication and a passcode, because this data in iCloud is end-to-end encrypted across devices.” A full 95 percent of iCloud users have two-factor authentication enabled.
It’s not an unequivocal statement. But David Reischer, an attorney and the CEO of LegalAdvice.com, who’s not affiliated with Apple, says, “My opinion is that it would be unlikely that Apple would comply with such a subpoena, absent a judicial decision that demanded compliance and such a case that went all the way up to the Supreme Court affirming a company’s duty to comply with such a local law or police power requesting such data.”
Image Source: Courtesy of Apple