Pixel Envy

Written by Nick Heer.

Apple Responds to Congressional Questions About User Privacy

Marrian Zhou, CNet:

Apple’s iOS system encrypts location information and doesn’t associate that information with any name or Apple ID. The iOS operating system also permanently deletes data from an iPhone if the phone doesn’t connect to Wi-Fi or power for seven days.

iPhones without SIM cards will send a limited amount of information about cellular towers and Wi-Fi hotspots to Apple if the user has enabled location services. The information will be encrypted and isn’t used for targeting advertising. If location services are turned off, the iPhone won’t send any data to Apple.

And from Apple’s response itself:

Consistent with Apple’s view that privacy is a fundamental human right, we impose significant privacy-related restrictions on apps that are made available through the App Store. The App Store is a marketplace for third party apps and, when a customer chooses to download an app to an Apple device, the customer and app developer enter into a direct contractual relationship with one another governed by the terms of the developer’s end user license agreement and privacy policy. Apple is not a party to these relationships; rather developers are fully responsible for the content and services they provide in their apps. Notwithstanding the developer’s responsibilities and direct relationship with customers, Apple requires developers to adhere to privacy principles, including consumer choice, and has implemented technical- and policy-level controls to help ensure those principles are respected.

However, as Sarah Frier points out at Bloomberg, Apple has no control over data use after a user has agreed to share their data with a third-party developer:

Apple has built in two direct consumer controls: one, when you agree to share your contact information with the developer; and the other, when you toggle the switch in your settings to deny that permission. But neither is as simple as it seems. The first gives developers access to everything you’ve stored about everyone you know, more than just their phone numbers, and without their permission. The second is deceptive. Turning off sharing only blocks the developer from continued access — it doesn’t delete data already collected.

Notwithstanding that users can, of course, also deny permission when first prompted, there is no mechanism for them to pull their data completely using a simple toggle switch or similar. It’s more likely that they will need to ask the company specifically to remove their historical data, and they will only have legal standing to demand it in Europe — thanks to GDPR — and other countries with strong privacy protections.

Apple probably can’t — and, arguably, should not — police user data in the hands of third-party developers when permission has been granted for its use. They would end up having to regulate any number of companies that are notoriously bad stewards of user data, like Facebook and Google. Users shouldn’t be required to read the excessive and overly-permissive contracts in every app. That’s something governments ought to regulate instead, and we should be expecting them to do a better job.