Hacker News

> A user’s health information is stored in a centralized and secure location and the user decides which data should be shared with your app.

I'm glad the information is stored securely and the user has control over what is shared with targeted apps, but it says nothing about what is shared with Apple. Companies need to be clear about these things right up front.



In my opinion, this sort of data needs more than "we double promise we'll store it securely".


It's starting to remind me of the book "The Circle" by Dave Eggers[1], where a company ("The Circle") eventually, essentially, takes over the control of all information in the world.

It wasn't my favorite book, although I very much respected my Mom for getting it for me. It's an easy read. And it makes you realize what could potentially happen I suppose. It's like 1984 written in 2010. And the ending...well I won't spoil it. Probably worth the read for the reminder. And it is very engaging. A lot of my complaints are almost metaphysical in nature. In that it is very hard to describe definitively what my issue was.

[1] http://www.amazon.com/The-Circle-Dave-Eggers/dp/0385351399


Well, at least in the US there are laws about health information storage, as well as compliance standards and companies who are VERY good at making sure you are in compliance.

Obviously there are failures of the system, but nobody in the field thinks of it as anything less than very serious business.


If the information is covered under HIPAA Apple will have to be compliant with US federal regulations regarding the security of personal health data. They can't just willy-nilly make the data available to whomever they want. I'm not sure what the equivalents are in other countries, but the US keeps ratcheting up the fines for people who don't comply. Also, all the hospitals whose logos were shown aren't going to allow themselves to be parties to violations of people's privacy.


I would assume everything is, just on general principle, unless Apple explicitly promised it is not, in writing in language that does not allow any ambiguity. "Centralized" means "not locally", and "secure" only means "it's not available publicly on the Internet, we promise", so I see no reason to assume Apple (and anybody who comes to Apple with a warrant or hacks them) has no access to it.


The data is shared with everyone Apple wants to (or wants to sell to). Simple as that: "If you don't pay for it, then you're the product" :-). The quote of our time and the force that drives the internet's free services.

P.S. They will have to have servers in the EU too, if they want European clients. EU law states that medical record data of an EU citizen can only be stored on an EU-located server.


I wonder what will happen to that EU servers law, because it has been made completely useless by a recent court decision in the US. Therein, the judge ruled that all data on servers of US companies in the EU can be accessed by the US legal system.

My prediction is that here in Germany, nobody will use cloud-based health services because of the risks. Not so sure about the rest of Europe, though.


Even if the US courts rule it legal, it's still illegal in the EU. Basically, this means that US companies with servers and data in EU will find themselves in an awkward position, with potentially no choice but to break either one law or the other.


Hm, do you have any link? Sounds like a judge ruling out of his jurisdiction[1]. If the servers are in Germany, Switzerland or France, good luck getting USA judge rulings implemented, especially if the other party (e.g. Germany/France) is not willing to cooperate. On the other hand, maybe there's some sort of agreement between the EU and the US we don't know about. Cloud services are becoming an increased pain, decentralized/encrypted data is the future apparently.

[1] Like when the US government wanted to indict Assange with charges of treason, regardless of the minor issue that he was not a 'USA' citizen, so... Treason according to whom?!


The case is "In The Matter of a Warrant to Search a Certain Email Account Controlled by Microsoft Corporation" [1,2]

In this case, it's about an e-mail account provided by Microsoft (an American company) but physically hosted in Ireland.

[1] http://www.reuters.com/article/2014/04/25/us-usa-tech-warran...

[2] http://www.computing.co.uk/ctg/news/2341902/us-court-cloud-c...



