Apple, CEO Tim Cook double down on privacy demands

While Facebook and Google continue to come under fire for bungling users’ data privacy, Apple and its CEO, Tim Cook, remain on the offensive regarding the push for federal privacy legislation in the United States.

Cook recently wrote an op-ed for Time Magazine, once again stressing the need for the United States to address privacy on a national level.

“In 2019, it’s time to stand up for the right to privacy—yours, mine, all of ours,” Cook begins. “Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives.”

“This problem is solvable—it isn’t too big, too challenging or too late,” Cook continues, adding that he and others are “calling on the U.S. Congress to pass comprehensive federal privacy legislation—a landmark package of reforms that protect and empower the consumer.”

Cook previously spoke out on the need for the U.S. to enact legislation similar to the EU’s General Data Protection Regulation (GDPR) at a conference in Brussels in October. There, his message was “privacy is a fundamental human right,” and he laid out four principles he believes should guide legislation:

1. The right to have personal data “minimized,” with the idea that companies challenge themselves as to whether they actually need the information in the first place;
2. The right to knowledge. Users should know what data is being collected and why;
3. The right to access. Companies must recognize that data belongs to users; and
4. The right to security.

“But laws alone aren’t enough to ensure that individuals can make use of their privacy rights,” Cook wrote for Time. “We also need to give people tools that they can use to take action.”

As part of his op-ed, Cook proposes that the Federal Trade Commission should establish a data-broker clearinghouse, “requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand, freely, easily and online, once and for all.” He believes that could help defend against the many data privacy violations that are invisible, such as the data an online retailer collects when you purchase a product from its website.

Apple as a company hasn’t shied from mocking its contemporaries in its promotion of its privacy campaign. The company earlier this month took out a billboard outside the Consumer Electronics Show in Las Vegas that read, “What happens on your iPhone, stays on your iPhone,” a not-so-subtle shot at other giants in the tech industry. Of note, Apple does not attend the event.

Despite the apparent trolling and Cook’s continued campaigning, Apple’s ledger regarding privacy rights might not be squeaky clean. The company—specifically, Apple Music—was one of eight in the tech industry named in a complaint filed last week on behalf of 10 users in Austria by privacy rights group None of Your Business (noyb), led by privacy campaigner and lawyer Max Schrems, regarding failure to comply with the GDPR. In the complaint, which also names Amazon, Netflix, Spotify, and YouTube, noyb states “no service fully complied” when put to the test regarding “right to access,” as stated in Article 15 of the GDPR.

“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” said Schrems of larger services like Apple in the group’s statement. “In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

Of the companies named in the complaint, Apple, whose European headquarters is based in Ireland, faces the largest potential maximum penalty at €8.02 billion (U.S. $9.12 billion), as determined by noyb with regard to the fine of up to 4 percent of global revenue GDPR allows for violating companies.

Such raises the stakes for Cook and his company to stay at the forefront of the privacy conversation.

“We cannot lose sight of the most important constituency: individuals trying to win back their right to privacy,” Cook concludes in his op-ed. “Technology has the potential to keep changing the world for the better, but it will never achieve that potential without the full faith and confidence of the people who use it.”