Apple bans iOS developers from selling HealthKit data to ad networks

Summary: No, developers will not be allowed to sell your health data for targeted advertising.

TOPICS: Mobility, Apple, iOS

Health data that will soon be stored on iOS 8-powered devices could be a gold mine for ad networks, but Apple has made it off limits for now.

Ahead of Apple's expected September 9 new device launch, the company has set new rules for what developers can do with health data collected using its HealthKit platform — chiefly that they're not allowed to sell health data that could be used for targeted advertising.

HealthKit, available as part of iOS 8, offers developers a set of APIs to share their apps' data with Apple's new Health app, the iOS health hub where users can view data about their sleep, heart rate, calories burned, blood sugar, and cholesterol.

The Financial Times reported that an update to Apple's iOS developer program license agreement told developers that they must "not sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers".

As noted by The Guardian, app developers using HealthKit can still share data with "third parties for medical research purposes" so long as they have the user's consent.

Apple's vision for the HealthKit is that it will allow users to share health data directly with doctors. The company has reportedly already been in discussions with healthcare professionals and also health insurers about how the platform could be used in the healthcare sector.  

The company has also placed rules around what type of apps can use HealthKit data. Only apps that are "primarily designed to provide health and/or fitness services" will be able to use HealthKit APIs, according to The Guardian. Developers will also not be able to use HealthKit data for serving advertising themselves.

Of course, Apple's developer agreement doesn't prevent rogue developers from breaking the rules; however, anyone serious about their app would risk being booted out of Apple's tightly curated App Store.

According to the FT, Apple execs have also discussed medical apps with the US Food and Drug Administration, while others in the health tracking business, such as Fitbit, have recently clarified that they don't sell data that could identify the user.

Apple is expected to announce a new 4.7-inch display iPhone on September 9, and possibly an even larger 5.5-inch phone in addition to a new wearable that may be its long-rumored iWatch. 

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

  • Trust is earned.

    I don't see anyone earning any.
    • Apple banned in-app purchasing too

      Until they figured out a way to get a cut of it.
      Now they happily assist in the deception.

    this is irrelevant
    health data is protected under HIPPA
    • HIPAA

      HIPAA protects your health data, but not in this case. Neither the developer, nor Apple are covered entities under the HIPAA rules, and the developer could put a line like "... user gives permission for their health data to be used by third parties..." in a EULA that's horribly long. Not many people read the EULAs. I would argue that since it is known that your other personal info on your device is available to the public for targeted advertising that you have absolutely no expectation of privacy.

      Once the medical data leaves a covered entity, then the person who has the info is no longer bound by the HIPAA rules. That's why if you want your medical records emailed to you, you have to sign a waiver that you understand your data is not secure and that anyone could read it. HIPAA states we have to give users their data electronically if they ask for it, but no matter what media it's on, disk, USB stick, email, etc... we make them sign a waiver that states they know that it's out of our hands now, and it's up to them to protect their health data.
      • HIPAA Breaches Are Expensive

        Apple has to walk a very thin line here. If they are dealing with ANY health-related data, that data is protected by HIPAA laws in the U.S. It would be the same if a surgeon wore Google Glass in an operating room. You can't give that data to ANYONE (especially advertisers) without the patient's permission in writing. Imagine people or companies keeping your medical records and somehow selling them to your place of employment ("Why do you want a raise? You are going to be dead in less than a year!"). Or worse, to insurance companies (if Obamacare ever goes away).
        • The data are not protected

          HIPAA rules only apply to covered entities. These are defined as:
          ♦Health care providers who transmit any health information electronically in connection with certain transactions
          ♦Health plans
          ♦Health care clearinghouses

          Neither Apple nor most any app developers are covered entities as defined by HIPAA.
          This is entirely dissimilar to a surgeon wearing Google Glass.
          • They don't need to reveal your data to sell its value

            Anyway, good luck with trying to scale local laws to the internet.
  • No mention of scanning data for targeting Ads

    If one purchases the APP, then that should be the ONLY revenue they get IMO.

    If it's used free, then I could see Ad based funding in certain scenarios, but this creates a dangerous precedent IMO.

    Shopping, Web-surfing data is innocuous enough, but health related data goes beyond my comfort zone.
  • The ad changes...

    once your heart stops, your family gets lots of ads for funeral services... :-)
    Tony Burzio
    • I'm thinking big data is just like every other database ever created

      There's no way to remove anything, removal was never considered in the design, and will result in lots of marketing to dead people and all sorts of other anomalies such as certain size enhancements to gender changers etc. etc.
    • if you are on the organ donor registry

      The organs get listed on ebay under special 15 minute listings and the bidding war starts....
  • Apple bans developers.....

    ...because Apple wants to cash in by themselves..? :-)
    • Because Apple is a tech company

      Unlike Google that is an advertising company.
      • If Apple was a tech company

        They would let you use songs as ringtones and not charge you again.
        Apple is profit first. Tech only as a deception to profit.
  • Clarity

    Unless I see a readable and understandable EULA coupled to a proven process, I'll bow out.
    First adopter? Not for something critical like this.

    Besides, none of my docs are planning on using anything HealthKit in the next year....
  • whenever you ban something

    you raise the price of said item on black market.
    Thanks to Apple, your healthkit data will sell at a premium on the black market.
    well played Apple.
    • Oh please. How much effort do you really have to put in to troll?!?

      • a little bit more than you...

        trying to figure out how to read emails on an iphone in airplane mode.