At the end of January, we saw a report from The Washington Post call attention to the recently launched app privacy labels for Apple’s App Store. The small-scale study showed more than half the third-party apps’ self-submitted privacy labels were completely false or at least misleading. Now the US House Committee on Energy & Commerce is urging Apple to “improve the validity of its App Privacy labels” along with asking for more specifics on the system.

US House Energy and Commerce Committee chairman Frank Pallone Jr. (D-NJ) and Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-IL) penned the letter to Apple CEO Tim Cook this week about concerns over the App Store privacy labels (first spotted by MacRumors).

Apple has been upfront that it doesn’t fact check apps’ privacy label information but rather it responds retroactively when it learns about false information. The letter today from the US House Committee conveys that the government doesn’t find that approach acceptable:

The letter does commend Apple for wanting to simplify and enhance privacy disclosures, but warned that the plan may backfire if the app privacy labels are riddled with “false and misleading information.”

“According to recent reports, App Privacy labels can be highly misleading or blatantly false. Using software that logs data transmitted to trackers, a reporter discovered that approximately one third of evaluated apps that said they did not collect data had inaccurate labels,” wrote Pallone and Schakowsky. “A privacy label is no protection if it is false. We urge Apple to improve the validity of its App Privacy labels to ensure consumers are provided meaningful information about their apps’ data practices and that consumers are not harmed by these potentially deceptive practices.”

Along with the urgent request to improve the system, the letter also asked for the following specifics:

  • Details on the process by which Apple audits the privacy information provided by app developers and how frequently audits are conducted;
  • How many of the apps audited since the implementation of the App Privacy label were found to have provided inaccurate or misleading information;
  • Whether Apple ensures that App Privacy labels are corrected upon the discovery of inaccuracies or misleading information; and
  • Details regarding Apple’s enforcement policies when an app fails to provide accurate privacy information for the App Privacy label.

The full letter sent to Tim Cook can be read here.

In addition to the harm to consumers, false and misleading information in privacy labels is harmful to the developer community and unintentionally makes those who are honest about their disclosures look bad in comparison.

Right now, I’m seeing way too many apps with “we don’t collect any data”. I would love for that to be true, but I’m skeptical. Meanwhile, developers who are transparent about their data collection practices end up looking bad against developers who are hiding it.

— Guilherme Rambo (@_inside) January 29, 2021