Apple · Apple Privacy Policy

Health and Sensitive Data Collection

High severity

What it is

Apple collects health metrics such as heart rate, fitness activity, and other sensor data from Apple Watch and iPhone if you use health features or research apps — this is some of the most sensitive personal data Apple handles.

Consumer impact (what this means for users)

If you use Apple Watch, the Health app, or research studies on iPhone, Apple collects granular health and biometric data, including heart rate. Users should review what health data sharing is enabled in the Health app under Sources.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Open the Health app on your iPhone, tap your profile picture, go to Apps or Devices, select the source, and choose to stop sharing or delete health data. You can also delete all health data at privacy.apple.com.

How other platforms handle this

Waze Medium

The Services are based on a community of users publicly sharing information with Waze and with other members of that community. In particular, users may choose to share personal information such as name, age, gender, picture, their location information, reports and other files. This information may ...

Netflix Medium

From Partners whose products and services you use: We may collect the following categories of personal information... [Netflix collects data from billing partners, device manufacturers, internet service providers, and voice assistant platforms about user activity and interactions].

Eventbrite Medium

Automatic Data includes without limitation, a unique identifier associated with your access device and/or browser (including, for example, your Internet Protocol (IP) address) characteristics about your access device and/or browser, statistics on your activities on the Services, information about ho...


Why it matters (compliance & risk perspective)

Health data is among the most sensitive categories of personal information under GDPR Article 9 and state biometric privacy laws, and its collection creates heightened legal obligations and privacy risks for users.

Original clause language
If you choose to share them, health-related data may be collected by Apple from Apple Watch or iPhone sensors, from HealthKit, such as heart rate, or from health-related features. If you participate in a study using the Research app, the policy for that study will describe how your research data is used. Other sensitive data, such as precise location or financial information, are treated with additional care.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Health data constitutes 'special category' data under GDPR Art. 9, requiring explicit consent (Art. 9(2)(a)) or another specific derogation — enforced by EU DPAs including the Irish DPC. In the US, if Apple provides services to HIPAA-covered entities, health data may constitute PHI under 45 CFR Parts 160/164; however Apple's consumer health features are generally not HIPAA-covered absent a BAA. FTC Act Section 5 and the FTC's 2023 Health Breach Notification Rule (16 CFR Part 318) apply to unauthorized disclosure of consumer health data. Illinois BIPA (740 ILCS 14) may apply if biometric identifiers are collected via sensors. (2)


Applicable agencies

  • FTC
    The FTC enforces the Health Breach Notification Rule and Section 5 against companies that improperly collect or share consumer health data.
  • HHS OCR
    HHS OCR enforces HIPAA and may have jurisdiction where Apple health data collection intersects with covered healthcare entities or business associate relationships.

Applicable regulations

  • EU AI Act: European Union
  • BIPA: Illinois, USA
  • CCPA/CPRA: California, USA
  • COPPA: United States Federal
  • CAN-SPAM: United States Federal
  • DMA: European Union
  • FCRA: United States Federal
  • GDPR: European Union
  • GLBA: United States Federal
  • HIPAA: United States Federal
  • TCPA: United States Federal
  • UK GDPR: United Kingdom

Provision details

Document information
  • Document: Apple Privacy Policy
  • Entity: Apple
  • Document last updated: March 24, 2026
Tracking information
  • First tracked: March 6, 2026
  • Last verified: April 9, 2026
  • Record ID: CA-P-002413
  • Document ID: CA-D-00024
Evidence Provenance
Source URL
Wayback Machine
SHA-256: 36e54b8290f2d5f4441e7bfd5492920450a4d5b256d9353a74fa7946d1065115
Verified: ✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Apple | Document: Apple Privacy Policy | Record: CA-P-002413
Captured: 2026-03-06 20:19:48 UTC | SHA-256: 36e54b8290f2d5f4…
URL: https://conductatlas.com/platform/apple/apple-privacy-policy/health-and-sensitive-data-collection/
Accessed: April 29, 2026
Classification
Severity: High
Categories