Apple has sent a letter to a group of U.S. senators that have questioned the privacy and security of the COVID-19 app and website that Apple designed along with the CDC, White House Coronavirus Task Force, and FEMA.
In the letter [PDF], which was published on Friday, Apple responded to Democratic senators Bob Menendez, Kamala Harris, Cory Booker, and Richard Blumenthal. The senators had, in a letter to Apple CEO Tim Cook, expressed concern over how confidential health data is handled in the app and website.
Apple addresses each of the questions the senators had asked and clarified that the app and website were built with privacy utmost in mind.
Consistent with Apple’s strong dedication to user privacy, the COVID-19 app and website were built to protect the privacy and security of users’ data. As you note, use of the tools do not require a sign-in or association with a user’s Apple ID, and users’ individual responses are not sent to Apple or any government organization. Access to important information and guidance regarding individual health or the health of a loved one should not require individuals to compromise their privacy rights. Rather, it is in times like these, that our commitment to protecting those rights is most important. Our COVID-19 app and website were designed with that in mind.
Apple offered the specific details the government had asked for about the company’s agreements with the federal government and state governments. Apple informed the senators that Apple has entered into an agreement with HHS through the Office of the Assistant Secretary of Health and the CDC for the development of the website.
The letter also clarified that the app and the screen site are not covered by or subject to HIPAA laws in the U.S., as no healthcare providers or health insurance companies have access to the information.
Apple assured the senators that it doesn’t collect any of the information entered into the app or website, and applies the same data minimization principles to the COVID-19 tool as it does to other products. The only data stored is that necessary to allow for operation of the app, which includes non-personably identifiable information, such as total number of visits to the website, any app crashes, and whether the screening tool had been started, canceled, or completed.
Apple’s full letter to the U.S. senators can be read here.