Apple has responded to a Senate letter asking questions about its COVID-19 screening tools. The company sought to allay concerns around an app and website that it launched in late March, built in collaboration with the Centers for Disease Control and Prevention (CDC), Federal Emergency Management Agency (FEMA), and the White House. It promises that the tools include “strong privacy and security protections” and that Apple will “never” sell the data it collects.
The letter answers several questions posed by Senators Robert Menendez (D-NJ), Richard Blumenthal (D-CT), Kamala Harris (D-CA), and Cory Booker (D-NJ). Among other things, it reveals the terms of Apple’s agreement with the US Department of Health and Human Services (HHS). These include prohibitions on sharing any identifying user data with the CDC.
Apple senior government affairs director Timothy Powderly also tells the Senate that its tools aren’t covered by the health privacy law HIPAA. HIPAA governs when a company can disclose data to a third party, and Apple says there aren’t any third parties involved in collecting the information, since “data are entered into the website and app directly by users.”
The screening tool doesn’t ask for a user’s name, but it requests information about their age, travel history, possible exposure to infected people, and other details that could determine whether they should be tested for the novel coronavirus. Apple says it “collects only the information necessary” to run the app, including analytics like crash reports, and if it decides to store and share more data in the future, it would get user consent.
These tools are separate from — and far less complex than — the COVID-19 contact tracing system that Apple is developing alongside Google. That tool is set to launch in mid-May and raises its own set of privacy questions — although they’re ones that both companies have put a lot of work into addressing.
In a statement to The Verge, Menendez said that he appreciated the replies. “Apple’s response reflects a commitment to data privacy and the importance of taking proactive steps to protect it. I expect them to live up to this commitment and I will be there to hold them accountable if they fail,” he said. “I would hope that the Department of Health and Human Services — and the Trump Administration as a whole — follow similar steps to be more transparent and, for example, publish the full agreements they have signed with tech companies such as Apple.”