The new changes were pushed out as part of the developers’ license agreement and put is very plainly saying that developers may “not sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers”. There is still a provision to share information with third party agencies for medical research, but that requires permission of the user. We are sure that some forward thinking dev will drop that permission into their installer which users will simply click ok to.
The problem with this becomes one of what rights to the “research” agencies have with that data once they have it and how much information can be shared. If Apple requires the information to be anonymized then it is a lot less concerning. However we did not see anything that indicated this was a requirement. The license agreement is also vague on what constitutes valid medical research. As with almost anything, if there is a loophole, someone will find it and use it.
The collection of personal health information is not just an Apple issue. We are beginning to see very concerning trends in the amount of information that our devices collect on us. Just about everything from location to body temperature might be stored and/or forwarded to someone in the coming years. How much of this data is really needed and how much of it can be abused? We hope that companies like Apple, Google, Blackberry, and Microsoft will put better restrictions on the collection and sharing of this information (and include themselves) in the coming months. We also hope that users of these devices become better educated about just how much information they share from just regular use of their mobile devices.
Tell us what you think in our Forum