Lawmakers Question Apple and Google on Personal Data Collection Policies

The U.S. House Energy and Commerce Committee this morning sent letters to Apple and Google parent company Alphabet to ask 16 multi-part questions about how the companies handle customer data, according to a press release.

The letter to Apple [PDF] cites recent media reports as the reason for the inquiry, referencing November news suggesting Android collects extensive user location data even when location services are disabled along with reports that smartphones collect and store "non-triggered" audio data from user conversations near a smartphone to hear a trigger phrase such as "Ok Google" or "Hey Siri."

While both of these reports were focused on Android, the House wants to know if Apple has similar practices, collecting location data when location services, WiFi, and Bluetooth are disabled or gathering "non-triggered" voice data from customers and sharing it with third-party sources.

A summary of some of the questions are below, with the complete list available in a PDF of the letter shared by the committee.

• When an iPhone lacks a SIM card (or if WiFi, Bluetooth, or location services are disabled), is that phone programmed to collect and locally store information through a different data-collection capability, if available, regarding: nearby cellular towers, nearby WiFi hotspots, or nearby Bluetooth beacons? If yes, are iPhones without SIM cards (or with WiFi/Bluetooth/location services disabled) programmed to send this locally stored information to Apple?
• If a consumer using an iPhone has disabled location services for multiple apps, but then reenables location services for one app, are iPhones programmed to reenable location services for all apps on that phone?
• Do Apple's iPhone devices have the capability to listen to consumers without a clear, unambiguous audio trigger? If yes, how is this data used by Apple? What access to this data does Apple give to third parties?
• Do Apple's iPhone devices collect audio recordings of users without consent?
• Could Apple control or limit the data collected by third-party apps available on the App Store? Please provide a list of all data elements that can be collected by a third-party app downloaded on an iPhone device about a user.
• Apple recently announced a partnership with RapidSOS for enhanced location services for 911 calls. What role will RapidSOS serve in the sharing and retention of this information?
• What limits does Apple place on third-party developers' ability to collect information from users' or from users' devices? Please describe in detail changes made in June 2017 from prior policies.

That last question references App Store Guidelines that Apple updated in June to restrict apps from from collecting user data to build advertising profiles or contact databases. The new rules also prohibit apps from harvesting data from an iPhone user's contacts to create contact databases.

The letter goes on to request Apple's policies for data collection via the microphone, Bluetooth, WiFi, and cellular networking capabilities, along with Apple's policies pertaining to third-party access and use of data collected by the microphone. It also asks whether Apple has suspended or banned companies for violating its App Store rules, requesting specific examples and whether users had been notified their data was misused when the developer was banned.

The House Energy and Commerce Committee asks Apple to make arrangements to provide a briefing on the topics listed in the letter, but it does not provide a timeline for when Apple needs to respond. Apple generally responds to these requests in a prompt manner, however.

Apple maintains stricter and more transparent privacy policies than companies like Google and Facebook, with a dedicated privacy website that explains its approach to privacy, outlines tools available to customers to protect their privacy, and details government data requests.

Privacy is at the forefront of many features Apple implements, and the company is careful to always outline the privacy protections that have been added when introducing new functionality. When introducing new Photos features in iOS 12 that allow for improved search and sharing suggestions, for example, Apple was quick to point out that these features are all on-device.

Apple executives have said several times that Apple customers are not the company's product, and Apple CEO Tim Cook has maintained that privacy is a fundamental human right. From a recent interview:

To me, and we feel this very deeply, we think privacy is a fundamental human right. So that is the angle that we look at it. Privacy from an American point of view is one of these key civil liberties that define what it is to be American.

Cook has also said that people are not fully aware of how their data is being used and who has access to it, a problem that "needs to be addressed."

"The ability of anyone to know what you've been browsing about for years, who your contacts are, who their contacts are, things you like and dislike and every intimate detail of your life - from my own point of view it shouldn't exist."

Apple is continually introducing new privacy tools and protections for customers. Both macOS Mojave and iOS 12 include security and privacy improvements designed to better protect users, with additional tracking protection in Safari on both operating systems and extended privacy protections in Mojave.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.