Out-Law / Your Daily Need-To-Know

Out-Law News 3 min. read

Apple sets out privacy safeguards for developers of health and fitness apps


Developers of mobile applications using Apple's new 'HealthKit' platform will be prevented from making sensitive user data available to third parties according to the latest version of the firm's licence agreement.

Health, wellbeing and fitness apps using the new platform will be required to link to privacy policies, and will be prevented from using their access to Apple's software for "any purpose other than providing health and/or fitness services", the terms and conditions now state.

Developers will be able to share data with "third parties for medical research purposes", provided that the user consents. However, they will not be able to "sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers", according to the licensing agreement.

Apple is expected to unveil new products which will use the latest version of its iOS operating system, including new iPhones, at an event on 9 September. Released to developers at the start of June, iOS 8 allows health and fitness apps to communicate with each other through a series of application programming interfaces (APIs) known as HealthKit with user permission. For example, a blood pressure app could share data with a healthcare provider's app without any additional input from the user.

Matthew Godfrey-Faussett, a technology law and digital health expert at Pinsent Masons, the law firm behind Out-Law.com, said that the pre-emptive announcement from Apple was not surprising given both the growth of the market for healthcare apps and the "direction of travel" in relation to data privacy.

"The data that these apps can collect is highly valuable to a number of different businesses, both because of its sensitivity and because of the growing numbers of people using them, whether for weight loss, fitness or the management of chronic conditions," he said. "Given the huge growth in interest in digital health, it is unsurprising that advertisers, for example, are keen to target health-related data."

"The new HealthKit platform creates an interesting dilemma for Apple. The company will be keen to make its platform as attractive to use for developers as possible, while at the same time protecting users' privacy given the groundswell of public opinion against businesses that have been seen to be loose with sensitive data. The new terms also give Apple the opportunity to show regulators that it is increasing the level of protection it provides, given recent cases where technology and service providers have increasing obligations in relation to the management of data published using their platforms," he said.

Owners of mobile devices running Apple's iOS operating system, including iPhones and iPads, can already download thousands of third-party applications enabling them to track exercise, weight loss and sleeping patterns. Many of these apps rely on advertising for their income, especially if they are free to download.

The new HealthKit platform will be included as part of iOS8 and will enable apps to share data with each other and with Apple's new Health app through a series of APIs with user permission. The Health app will act as a central 'dashboard', allowing users to track metrics including heart rate, calories burned, blood sugar and cholesterol collected from a variety of different apps in one place.

Godfrey-Faussett said that the growth in the market for mobile healthcare apps could also lead to some interesting discussions over data liability and accuracy.

"App-generated data varies markedly in accuracy, and so must be handled carefully," he said. "Not only is it right that health-related data is only shared with third parties in appropriate circumstances for ethical reasons, there is also every chance that that data might be flawed or incomplete."

"In the context of lifestyle and 'wellness' apps, data accuracy might be the difference that makes one app better than a competitor's. Questions of legal liability - the developer's, or the platform's - could arise in the context of apps related to 'illness', such as those that measure data for the purposes of managing chronic conditions," he said.

In the UK, the Medicines and Healthcare Products Regulations Agency (MHRA) has suggested that app stores and suppliers of software that could be defined as a 'medical device' would not be able to avoid the application of the relevant regulatory regime, such as through the use of disclaimers in their terms and conditions. Strict rules set at EU level govern the safety and marketing of medical devices.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.