Apple questioned on Watch privacy by state attorney general


Apple’s calling its new Apple Watch its “most personal device ever”.

Now Connecticut Attorney General George Jepsen has a few questions he’d like Apple to answer about how it’s planning to protect the privacy and the extremely personal details of the people who’ll be strapping on that most personal device ever.

Jepsen’s office announced on Monday that he’s sent Apple CEO Tim Cook a letter asking Apple for a meeting to discuss how the company plans to store and safeguard the health information the Apple Watch will be able to collect.

As it is, Apple’s Watch sounds personal, all right – it’s going to be packing infrared, visible-light LEDs and photodiodes to detect your heart rate; it will be able to actually send your heartbeat out with “Digital Touch”; and, according to a Cult of Mac report, it will rely on skin contact to foil robbers who snatch it from our wrists (but presumably not those who choose the holistic, machete-aided technique of taking our arms).

All of those capacities put the Apple Watch squarely at the center of one of the most intimate slices of the personal data pie: health data.

The fitness data marketplace is exploding, and consumer advocates are already calling it a privacy nightmare.

Jepsen said he’s “encouraged” by Apple’s assurances that personal health information will be encrypted on the watch and that users will decide which applications gain access to their health data.

But, well, there are some details he’d still like to hear about, he said – hence the call for a chat.

Namely, as he outlined in his letter:

  • Whether Apple will allow consumers to store personal and health information on Apple Watch itself and/or on its servers, and if so, how information will be safeguarded;
  • If and how Apple will review application privacy policies to ensure that users’ health information is safeguarded;
  • If and how Apple intends to enforce policies that require the rejection of applications that provide diagnoses, treatment advice, or control hardware designed to diagnose or treat medical conditions that do not provide written regulatory approval;
  • What information Apple Watch and its applications will collect from users, and how Apple and application developers will obtain consent to collect and share such information from these individuals; and
  • How Apple intends to monitor and enforce applications’ compliance with its guidelines concerning users’ health information.

This isn’t the first time Jepsen’s raised privacy questions about new technology.

Last year, he met with Google reps, having made a similar request about privacy protections in Glass.

That led to the implementation of Google’s policy requiring review and approval of third-party Glass apps before they’re rolled out to users.

That’s all well and good. We’re glad Jepsen’s looking out for consumers as far as the privacy implications of gadgets like Apple Watch or Google Glass go.

But bear in mind, just because a company like Apple or Google cooks up a policy requiring sign-off on a third-party app doesn’t mean that jerkware can’t make it onto app stores.

Case in point: in the spring, a spyware app for Google Glass that could take photos without the telltale Glass display lighting up popped up on Play Store.

Created by Cal Poly researchers Mike Lady and Kim Paterson, the app was disguised as a note-taking app called Malnotes.

Google only discovered and removed the spyware after the researchers’ professor tweeted about the research experiment.

So keep on asking questions, AG Jepsen – and as you do, you might want to bear in mind that if the mighty Google isn’t impervious to malicious apps or other security threats, third-party app reviewing policy or no, then it could happen to Apple too.