On Tuesday, House Energy and Commerce Committee Chairman Frank Pallone, Jr. (D-N.J.) and Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-Ill.) announced that they sent a letter to Apple CEO Tim Cook asking the company about the accuracy of its new App Privacy labels and to review these labels after reports suggested its labels were misleading or inaccurate.
“According to recent reports, App Privacy labels can be highly misleading or blatantly false. Using software that logs data transmitted to trackers, a reporter discovered that approximately one third of evaluated apps that said they did not collect data had inaccurate labels,” Pallone and Schakowsky wrote. “A privacy label is no protection if it is false. We urge Apple to improve the validity of its App Privacy labels to ensure consumers are provided meaningful information about their apps’ data practices and that consumers are not harmed by these potentially deceptive practices.”
Apple’s new privacy labels appear as simplified boxes on each app’s product page concisely stating the app’s data collection practices in an effort to help users better understand an app’s privacy practices before they download an app. These labels provide information on “data used to track you, data linked to you, data not linked to you, and data not collected.” Moreover, each label “lists the specific types of data – including search history, location, purchases, and identifiers – used by the app” based on information app developers give Apple, but Apple “does not independently verify the accuracy of the information provided by the developers.” Consequently, the lawmakers claimed that recent reports have found that around one third of evaluated apps labeled as “Data Not Collected,” do in fact collect data. For example, an app that simulates slime allegedly shared identifying information with large tech companies and shared data about the phone’s battery level, storage, general location and volume level with a video game software development company, despite its purportedly false label claiming that the app did not collect any data.
The lawmakers noted that Apple’s attempt to simplify and enhance privacy disclosure is commendable; however, they claimed that user trust could be damaged if these labels are false and misleading. The lawmakers wrote, “(w)ithout meaningful, accurate information, Apple’s tool of illumination and transparency may become a source of consumer confusion and harm. False and misleading privacy labels can dupe privacy-conscious consumers into downloading data-intensive apps, ultimately eroding the credibility and integrity of the labels. A privacy label without credibility and integrity also may dull the competitive forces encouraging app developers to improve their data practices.” As a result, the lawmakers asked Apple to improve the validity of these labels “to ensure consumers are provided meaningful information about their apps’ data practices and that consumers are not harmed by these potentially deceptive practices.”
The lawmakers have also requested that Apple respond to a variety of questions by Feb. 23, 2021, including:
- Detailing the process by which Apple audits the privacy information that app developers provide and the frequency that these audits are conducted;
- How many apps have been audited since the App Privacy labels? and how many were found to be inaccurate or misleading?;
- Whether Apple ensures that these labels are corrected upon discovering inaccuracies or misleading information;
- Details about Apple’s enforcement policies when an app does not have accurate privacy information on the App Privacy label;
- If Apple requires more in-depth privacy disclosures and conducts stricter oversight for apps targeted to children under 13?; and
- Does Apple notify users when one of their app’s privacy labels has materially changed?