New York Attorney General Letitia James has urged Apple, maker of the iPhone, and Google, developer of the Android operating system, to take steps to protect consumer information and privacy as New Yorkers and Americans continue to battle with COVID-19.
In letters to both companies, which follow up on inquiries previously made by the Office of the Attorney General, James has called on Apple and Google to ensure that existing and future third-party contact tracing apps published through Apple’s App Store and Android’s Play Store do not inappropriately collect and retain users’ sensitive information.
James is seeking the companies’ help in preventing untrusted third-party apps from collecting sensitive personal health information, minimizing invasive data collection and ensuring appropriate deletion of consumer information. She is also asking the companies to make clear to consumers the difference between apps launched by governmental public health agencies, meant to notify individuals when they may have been exposed to the virus, and third-party contact tracing apps, which could possibly take advantage of consumers for financial gain, according to a press release issued by James’ office.
“As businesses open back up and Americans venture outdoors, technology can be an invaluable tool in helping us battle the coronavirus,” James said in the release. “But some companies may seek to take advantage of consumers and use personal information to advertise, mine data, and unethically profit off this pandemic. Both Apple and Google can be invaluable partners in weeding out these bad actors and ensuring consumers are not taken advantage of by those seeking to capitalize on the fear around this public health crisis.”
The AG’s letters follow recent announcements by both Apple and Google, in which the companies stated that a joint framework would enable certain exposure notification apps on iPhones and Android phones to notify consumers when they have come in contact with and may have been exposed to someone with COVID-19.
This exposure notification framework was designed to protect consumer privacy, and only apps affiliated with federal or state public health agencies are permitted to make use of the framework. The specific apps that use this exposure notification framework are unable to access a device’s geolocation information and are prohibited from using consumer information for targeted advertising or any other purposes unrelated to COVID-19 response efforts, the release stated.
However, third-party contact tracing apps are not subject to the same requirements as apps affiliated with governmental public health agencies that rely on the exposure notification framework. Because of this, James has asked that Apple and Google commit to increased oversight of these apps by:
- Only permitting apps affiliated with federal or state public health agencies to collect sensitive, personal health information from consumers, such as COVID-19 test results;
- prohibiting third-party contact tracing apps from collecting and using consumer information for targeted advertising;
- prohibiting third-party contact tracing apps from using data to identify anonymous users; and
- requiring third-party contact tracing apps to delete consumer information on a rolling, 14-day basis, and to provide consumers with an easy-to-use mechanism for deleting their information.
James’ letters also urge Apple and Google to require third-party contact tracing apps to clearly disclose to consumers that they do not use the exposure notification framework available to governmental public health agencies. Additionally, she has asked these two companies to ensure that consumers can provide informed consent before using a third-party contact tracing app by requiring the apps to disclose the type of data they are collecting and how consumers will be tracked.
In an effort to minimize the risk of personal information being shared without consent, James recommends that consumers remain vigilant when downloading third-party apps that purport to offer contact tracing. Consumers should always check with the Apple App Store or Android Play Store for information on what entity operates the app and whether the app collects geolocation information or other data, the release stated.
Source: New York State Office of the Attorney General
Was this article valuable?
Here are more articles you may enjoy.