Apple has provided an unusually detailed accounting of how it handles customers' location information and privacy, following a query sent to the company by two Congressmen.
The iPhone maker reiterated in a letter published Monday that it does not share location information with outside parties without a customer's permission. If customers agree to use location-based applications, like Foursquare or Twitter or iAds, location information is collected by Apple in a way that does not identify the user.
A small bit of panic arose when Apple updated its privacy policy on June 21 for customers using devices that run iOS 4. When customers opened iTunes they were greeted with this change: "To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services."
Soon after Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas) sent a letter to Apple CEO Steve Jobs expressing their concerns over the additions to the policy and asking for answers regarding reports that Apple is gathering location information on its customers and sharing it with third parties.
As requested by the Congressmen, Apple answered by July 12. On Monday, the offices of Markey and Barton, the co-chairmen of the House Bi-Partisan Privacy Caucus, released the full text of Apple's response. The full text is embedded below.
Apple's general counsel Bruce Sewell responded with specific answers to the Congressmen's questions, but also included general details about the policy. June 21 was the third time Apple has updated its privacy policy--previously it had done so on June 29, 2007 (the date of the original iPhone launch), and February 2008 (the release of the iPhone OS SDK).
Apple put the privacy policy change on the iTunes Store so that as many customers would see it as possible, the company said in the letter. Customers who did not want their phone to share their location can opt out by turning off location-based services on any iOS device's settings menu. Or they can say they do not agree to the new privacy policy. In that case, customers will not be able to set up an iTunes Store account, but can still activate and access any Apple device, the letter said.
"When a customer's device sends Wi-Fi, cell tower, GPS, or diagnostic location information to Apple, it does not include any information identifying the particular device or user," Sewell wrote. In the case of iAd, Apple's new iOS-based advertising program, a user's latitude and longitude coordinates are collected anonymously and immediately converted to a five-digit ZIP code. The lat/long info is not retained, and the iAd server does not match ZIP code info with a particular device or user, according to Apple. Advertisers never see the ZIP code info.
Apple does keep it for six months "to administer and improve the iAd network." After six months the company aggregates the info "for administrative purposes."
Reps. Markey and Barton sounded mostly satisfied by Apple's response. "Apple's responses provided additional information about how it uses location data and the ability of consumers to exercise control over a variety of features on Apple's products, and I appreciate the company's response," Markey said in a statement, and added that he would "continue to closely monitor this issue."
Added Barton: "While I applaud Apple for responding to our questions, I remain concerned about privacy policies that run on for pages and pages. I hope every business that uses information for advertising and marketing purposes will work toward more transparency and complete disclosure about their practices, as well as robust security for the information they hold."
apple response to markey-barton