Bipartisan Coalition of Attorneys General Expresses Concern about Privacy Implications in Letters Sent to Apple and Google

News Release, Office of the Maryland Attorney General

BALTIMORE, MD (June 16, 2020) – Maryland Attorney General Brian E. Frosh today asked Google and Apple to ensure all contact tracing and exposure notification apps related to COVID-19 adequately protect consumers’ personal information.  Joining a bipartisan coalition of attorneys general, Attorney General Frosh specifically asked Google and Apple to guarantee that such apps, when available to consumers, are affiliated with a public health authority and removed from Google Play and the App Store once no longer needed by public health authorities.

 In a letter sent today to the chief executive officers of Apple and Google, the Attorneys General acknowledge that while digital contact tracing and exposure notification tools are valuable in understanding the spread of COVID-19 and assisting public health authorities, these same technologies pose a risk to consumers’ privacy.

 “In the midst of a global pandemic, easily accessible digital contract tracing apps may be a valuable tool to help reduce the spread of COVID-19,” said Attorney General Frosh.  “But it is essential that we avoid exposing consumers’ personal and health information to unverified, questionable apps.”

 Digital contact tracing may provide a valuable tool to understand the spread of COVID-19 and assist the public health response to the pandemic. However, such technology also poses a risk to consumers’ personally identifiable information, including sensitive health information, that could continue long after the present public health emergency ends. The coalition expressed concern regarding contact tracing and exposure notification apps available to consumers in Google Play and the App Store, particularly the “free” apps that utilize GPS tracking, offer in-app purchases, and are not affiliated with any public health authority or legitimate research institution.

   To protect consumers without interfering with public health efforts to monitor and address the spread of COVID-19, the letters ask Google and Apple to:

 Verify that every app labeled or marketed as related to contact tracing, COVID-19 contact tracing, or coronavirus contact tracing or exposure notification is affiliated with a municipal, county, state or federal public health authority, or a hospital or university in the U.S. that is working with such public health authorities;

  1. Remove any app that cannot be verified as affiliated with one of the entities identified above; and
  2. Pledge to remove all COVID-19 / coronavirus related exposure notification and contact tracing apps, including those that utilize the new exposure notification application program interfaces (APIs) developed by Google and Apple, from Google Play and the App Store once the COVID-19 national emergency ends. In addition, the attorneys general asked Google and Apple to provide written confirmation to their offices once the apps have been removed or an explanation why removal of a particular app or apps would impair the public health authorities affiliated with each app.

 In addition to Maryland, the letter was signed by the attorneys general of Alaska, Arkansas, California, Colorado, Connecticut, Delaware, the District of Columbia, Guam, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Puerto Rico, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, and West Virginia.