Apple Inc. has responded to a request for information by Congress, spelling out data collection practices in its privacy policy, location-based services, the iAd network and the App Store.

The company updated its privacy policy June 21, adding several provisions to its location-based data collection practices. This change to the policy spurred scrutiny from the Federal Communications Commission and Congress.

?[Apple] revised provisions regarding (i) what information it collects from customers and how Apple and its partners and licensees may use information, (ii) the use of ?Cookies and Other Technologies,? (iii) the safeguards in place to prevent the collection of personal information from children, and (iv) the collection and use of information from international customers,? says Apple?s letter to the co-chairmen of the House Bi-Partisan Privacy Caucus, Ed Markey (D-MA) and Joe Barton (R-TX).

?Added provisions [include] (i) advising customers to review the privacy practices of third-party application providers and (ii) cautioning customers about posting personal information on an Apple forum, chat room or social networking service,? the letter says.

Apple?s revisions and additions to the privacy policy is all about the company controlling the experience. The time is right too, since Apple launched its iAd network on July 1. The data information Apple now collects is crucial for the company?s mobile advertising business.
 
Apple needs that location data just like any other advertiser does. But the company claims that it collects data to provide a better experience to customers.

However, industry experts think otherwise.

?Apple is collecting location data for its own purposes rather than for the benefit of others,? said Noah Elkin, senior analyst at eMarketer, New York.

Location is proving to be a crucial element to the success of mobile and social. In terms of the way the mobile market is developing, it is headed towards proximity marketing.

Apple realizes that being able to use a user?s location and marry it with a consumer?s likes and dislikes raises the bar in terms of the relevancy of the advertising messages.

The response
The two Congressmen previously sent a letter to Apple CEO Steve Jobs, asking for more information on the company?s location-based data collection practices.

The lawmakers had a list of nine questions, which Bruce Sewell, general counsel and senior vice president of legal and government affairs at Apple, answered.

Here are the lawmakers' questions and Apple's answers in their entirety:

Which specific Apple products are being used by Apple to collect geographic location data?
The iPhone 3G, iPhone 3GS, iPhone 4, iPad WiFi + 3G, and, to a more limited extent, older models of the iPhone, the iPad WiFi, iPod touch, Mac computers running Snow Leopard, and Windows or Mac computers running Safari 5.

When did Apple first begin collecting this location data, and how often is data collected from a given consumer?
Apple first began offering location-based service in January 2008 and began collecting WiFi Access Point Information at that time.

As described above, collection of location data varies greatly based on the services requested by each customer. Location data will not be collected at all from those users who have location services turned off.

Does Apple collect this location data from all consumers using Apple products? If the answer is no, please explain which consumers Apple is collecting information from and the reasons that these consumers were chosen for monitoring?
Apple collects anonymous WiFi Access Point Cell Tower and GPS Information from devices that have location services turned on, have explicitly authorized apps to use their location, and are actively running one of the apps. Anonymous WiFi Access Point Information and GPS coordinates may also be collected when an iPhone is using GPS to search from a cellular network. Diagnostic location data is only collected from users who have expressly agreed to send this information to Apple. Device location data (by ZIP code only) is collected from users who participate in the iAd network.

How many consumers are subject to this collection of location data?
Please see our answer to question No. 3 above.

What internal procedures are in place to ensure that any location data is stored ?anonymously in a form that does not personally identify? individual consumers??
When a customer?s device sends WiFi, cell tower, GPS or diagnostic location data to Apple, it does not include any information identifying the particular device or user.

In case of the iAd network, latitude and longitude coordinates are collected and immediately converted to a five-digit ZIP code. Latitude and longitude coordinates are not kept or otherwise associated with an individual. Apple?s iAd server does not associate the five-digit ZIP code with a device identifier for the purpose of serving a location-relevant ad. Apple does not share any location data about individual customers, including the ZIP code calculated by the iAd server, with advertisers. Apple retains a record of each ad sent to a particular device in a separate iAd database, accessible only by Apple, to ensure that customers do not receive duplicative ads and for administrative purposes. Apple intends to retain the ZIP code information it has collected for six months to administer and improve the iAd network. After six months the information may be aggregated for administrative purposes.  

Please explain in detail why Apple decided to begin collecting location data at this time, and how it intends to use the data?
Please see our answer to question No. 2 above regarding when we began collecting relevant information. Apple collects location data for only one purpose ? to enhance and improve the services we can offer to our customers.

Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?
No.

Who are the unspecified ?partners and licensees? with which Apple shares this location data, and what are the terms and conditions of such information sharing? How does this comply with the requirements of Section 222 of the Communications Act, which mandates that no consumer location information be share without the explicit prior consent of the consumer?
The ?licensees? referred to above are our software application developers. Apple shares location data with an application developer only after a user has given express consent to the sharing.

?Partners? refers to two external partners who maintain databases of known locations for cell towers and WiFi access points. Earlier versions of the iPhone software rely on these databases for WiFi access point and cell tower locations. For devices running that earlier software, Apple shares anonymous, non-device identifying location information with these external partners to obtain better location results for our users.

Does Apple believe that legal boilerplate in a general information policy, which the consumer must agree to in order to download applications or updates, is consistent with the intent of Section 222, and sufficient to inform the consumer that the consumer?s location may be disclosed to other parties? Has Apple or its legal counsel conducted an analysis of this issue? If yes, please provide a copy, If not, why not?
While Apple is not a telecommunications carrier or service provider subject to Section 222 we believe the privacy protections described in detail in this letter are consistent with the intent of section 222.

Apple is committed to giving our customers clear notice and control over their information, and we believe our products do this in a simple and elegant way. We share your concerns about the collection and misuse of location data, and appreciate this opportunity to explain our policies and procedures.

Mark Beccue, an analyst at ABI Research, Oyster Bay, NY, was not surprised by the fact that Apple is being scrutinized by Congress and did not see anything wrong with the company?s data collection practices.

?As you know, the Mobile Marketing Association really says that everything has to be permission-based, you have to get subscribers' permission,? Mr. Beccue said. ?In the App Store they have to ask you every time if they want to use your location and ask for permission.

"You also have to have permission to send someone an ad, unless it?s in a Web site or app, but if it?s a push in any way, shape or form, it has to be permission based, because phones are an area in particular where people don?t want spam,? he said. ?If Apple is still adhering to that, I don?t see an issue.?

Please click here to read Apple?s letter the co-chairmen of the House Bi-Partisan Privacy Caucus, Ed Markey (D-MA) and Joe Barton (R-TX).

Final Take
Giselle Tsirulnik is senior editor of Mobile Marketer

/>