Apple recently implemented new App Store policies that required all developers to disclose the data collection behavior of their apps as a measure of transparency. However, an investigative report by The Washington Post’s Geoffrey Fowler revealed that privacy disclosures for many apps were misleading, and in some cases, downright inaccurate. In the wake of the revelation, Apple has been asked by the United States House of Representatives Committee on Energy and Commerce to improve the validity of the app privacy labels so that users can get reliable information about the apps they are going to install, or already have, on their devices.
“A privacy label is no protection if it is false. We urge Apple to improve the validity of its App Privacy labels to ensure consumers are provided meaningful information about their apps’ data practices and that consumers are not harmed by these potentially deceptive practices,” wrote the committee in its letter addressed to Apple CEO Tim Cook. The letter adds that in the absence of accurate information, Apple’s seemingly benevolent policy could become a source of confusion and harm to users for whom the privacy-centric policy was drafted in the first place.
More importantly, the US House Committee has sent Apple a series of questions, asking the company to explain the process of checking whether the privacy disclosure provided by developers is accurate or not. Apple has also been asked to reveal how frequently it audits these app privacy disclosures, what method is used to verify the information,
Furthermore, the committee has asked Apple how it will respond if a developer is caught providing an inaccurate app privacy disclosure. Following are some other questions of critical importance whose answers the committee has sought from Apple:
|Does Apple ensure that App Privacy labels are corrected upon the discovery of inaccuracies or misleading information? If not, why not? For each app that has been found to have provided inaccurate or misleading information, how quickly was that label corrected?
Does Apple require more in-depth privacy disclosures and conduct more stringent oversight of apps targeted to children under the age of 13? If not, why not? If so, please describe the additional disclosures required and the oversight actions employed for these apps.
Providing clear and easily comprehendible privacy information at the point of sale is certainly valuable, but privacy policies are not static. Does Apple notify users when one of their app’s privacy labels has materially changed? If not, why not. If so, how are users notified of such changes?