Cook’s speech comes months after the European Union passed the General Data Protection Regulation in May, which establishes far-reaching privacy rules for tech companies with stiff economic penalties for violations. And Apple made users’ personal information available to view and download. “We at Apple are in full support comprehensive federal privacy law in the united states,” Cook said. “Our own information—from the every day to the deeply personal—is being weaponized against us with military efficiency,” he added.
Creating guidelines
During Cook’s speech, he laid out four essential rights users have that should guide possible regulation:
- Right to have personal data minimized Cook encouraged companies to anonymize the user data it collects, or strive to not collect it at all.
- Right to knowledge This is an analog to the GDPR requirement that companies can’t bury information about tracking and other privacy issues in overly-complex terms of service documents.
- Right to access Apple thinks you should be able to view and download any personal information a company has collected about you, which has become common practice. Beyond that, you also have the right to know how the company is using that information, which is less common at the moment.
- Right to security If you’re going to share your personal information, the company collecting it has a responsibility to keep bad people from getting their hands on it. Obviously there are a lot of specific details to work out, but on the surface, these ideas closely resemble some of the core pieces of GDPR, which Cook openly praised during the speech.
How did we get here?
While the all-encompassing GDPR rules have been in effect since earlier this year in the EU, U.S. regulations remain a patchwork of laws and bills overseen by government agencies like the Federal Communication Commission. Rules can change rapidly, sometimes before they even go into effect. In 2016, for example, the FCC passed a rule that required broadband providers to get a user’s explicit permission before selling their personal information to third parties to go into effect in December of 2017. In March of 2017, however, the House voted to block the rules from taking effect on the back of claims that the providers themselves and existing guidelines from the FTC would prevent companies from acting in a way that betrays a “privacy-by-design” mindset.
What’s in it for Apple?
While the overall message of the speech is easy to support, it also contains some thinly-veiled jabs at some of the other massive tech companies. Cook refers to issues like election meddling and data leaking, which have affected Facebook in particular. Because Apple is primarily a hardware company, it has an advantage when it comes to operating in a privacy-first way. Its primary business is selling hunks of metal and glass rather than user data and useful advertising info. Cook also said in reference to protecting users’ privacy, “If we can do it, then anyone can,” which rings slightly odd coming from one of the richest companies in the world. One common criticism of GDPR is that the regulations come with costs, like extra employees to handle privacy disclosures, that are easily absorbed by large companies, but demand too many resources from smaller startups. The water also muddies when you examine Apple’s other corporate connections. For instance, Google is the default search engine in Safari thanks to a business deal, which enables Google to collect information on Safari users. This is ultimately a conversation that you will likely hear about for a long time, especially after Congress settles in after this election year fracas. Testimony and large-scale security and privacy problems have kept this issue at the top of mind for many people in the U.S. and it’s unlikely to slow down any time soon.