Apple Store Data Privacy Profiles
Epilepsy group meets Apple’s new rules on app data privacy
Data privacy remains one of the most important issues when developing health apps. Consumers need to be able to make informed choices about the data privacy risks involved when downloading and using a health app, and weigh this against the promised benefits. Yet scientific reviews continue to reveal how data is often leaked to third parties without the user even being aware.
At the end of last year, Apple introduced a commitment not to update apps on its store unless the developers complete new information requirements on data privacy relating to the app. A few months on, a random sample of apps suggests that most health app developers have yet to display data privacy using Apple’s icons and descriptions.
SUDEP – data privacy clearly profiled
It is therefore exceptional that a patient group has managed to get their privacy data up on the Apple Store, ahead of most commercial health app developers. The UK epilepsy group SUDEP (Sudden Unexpected Death in Epilepsy) Action have just updated their app EpSMon – Epilepsy Self Monitor.
The update is on the App store because the group was able to provide a statement to Apple of how it collects and uses data via the app.
When you go to the store, Apple shows two categories defined for this app as:
- “Data linked to you” (email address, name)
- “Data not linked to you” (Health, Sensitive info).
It may take a little time for consumers to get used to Apple’s icons and terminology about types of data use. Apple defines the terms in a guide for developers.
So, for example, Apple lists examples of “Sensitive Info” there:
“Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data.”
Data privacy policies vary widely between apps. If, over time, Apple’s icons and terms become familiar to consumers, it could introduce a more consistent approach to how developers write their data privacy statements.
For patient groups commissioning or developing apps, knowing that data privacy information is required in Apple’s format to launch or update an app on the Apple store is now a key step.
Why is it not happening more widely, yet?
Hopefully, the apps we looked at are simply not being updated yet. Typically, people browsing for a health app will see a message like:
- “No details provided. The developer will be required to provide privacy details when they submit their next app update.”
How hard is it for groups to complete the privacy information?
In the longer term though, people will get more used to seeing the data privacy checklists on the Apple app store, and expect to see them. Pragmatically, patient groups are going to need to provide the data privacy information to update their apps and get them seen on the store.
Currently, completing the data requires:
- Some technical expertise in interpreting the specific Apple terminology and requirements.
Most of all, it’s about having time to do it. Designing your app’s data privacy statement around Apple’s new format will certainly save time in the long term if Apple is your key store to reach consumers. Clearly, the first time adapting a policy to fit Apple’s terminology will take some thought and interpretation for non-specialists.
What does it mean for consumers?
Currently, it helps consumers to see the detailed guidance for developers first in order to see definitions and examples and get a complete view of the benefits or data privacy risks of using a specific health app. However, over time, Apple’s approach is likely to become more familiar.
Plus, in parallel, Apple is continuing to produce educational support on data privacy. This includes its recent downloadable PDF, ‘A day in the life of your data’, which shows some of the data privacy risks a dad and daughter face when taking a simple trip out to a playground, and how to minimise these.