Apple and Facebook, two of the world’s most powerful companies, are jockeying over how transparent to be with their customers on whom they share users’ personal data with and what they do with it.

Their moves provide insights, and a potential road map, for other companies struggling to find a balance between being transparent with their customers on privacy and potentially damaging their business model. In trying to be straight with your customers about how you use their data, how far is too far?

There is a fine line to be walked by companies seeking to be more transparent with their customers about how they use their data without alienating them and potentially losing their competitive advantage.

Apple has embraced protecting data privacy as a foundation of its marketing, even adding a lock to the top of the firm’s ubiquitous Apple logo in some ads. The company recently announced it will provide users with “an easy-to-understand report illustrating how companies track user data across websites and apps.” Its motivation, Apple said, is that it “helps users better understand how third-party companies track their information across apps and websites, while describing the tools Apple provides to make tracking more transparent and give users more control.” Data collected on users by apps fuels “an industry valued at $227 billion per year.”

In its next beta update for the iPhone, Apple will also allow require apps to get the user’s permission before tracking their data across apps or Websites owned by other companies. Users will also be able to make changes to the permissions as they see fit.

Apple’s move, understandably, has prompted a response from one of the largest companies that uses personal data to push targeted advertising and content to their users: Facebook.

Facebook recently announced it will inform users “about how your data may be used to personalize your experience on Facebook” as part of its “Access Your Information” tool. Facebook says the data has been available to users through the tool, “but we wanted to make it easier for people to discover.”

“It’s important to us to keep making it easier for people to understand and access their data on Facebook, so we’ll keep updating our tools whenever we can to make sure that people can continue to access their data in meaningful ways,” Facebook said.

These gestures are being fueled amid increased scrutiny of social media companies by legislators and regulators, said Aloke Chakravarty, a former federal prosecutor and partner with Snell & Wilmer whose practice focuses on cyber-security, data protection, and privacy.

“Regulators are digging into the practices of Facebook, Google, and other data mining companies,” he said.

The California Consumer Privacy Act (CCPA), which came into effect last year, places data privacy requirements on companies who have customers in California, no matter where the company is located. The CCPA gives consumers the right to know about the personal data companies collect on them; the right to delete that information; and to opt out of the sale of their personal information.

Similar data privacy laws are being considered in Washington state, New York, and New Jersey. Efforts to pass a federal privacy law stalled under the administration of former President Donald Trump, but could be revived under President Joe Biden now that Democrats control the presidency and both chambers of Congress.

Chakravarty said there is a fine line to be walked by companies seeking to be more transparent with their customers about how they use their data without alienating them and potentially losing their competitive advantage.

It’s not necessary, he said, to explain the life cycle of a targeted ad in detail, like how it works or what algorithms it uses to pair ads with users.

“But you do need to explain what data you’re collecting and what you use it for,” he said. The kind of information dashboards Apple and Facebook are rolling out will also provide users with the framework to respond to customer requests regarding what kind of data is collected, where it is stored, how it is used, how to opt out of its sale, and how to delete it.

Regulations like the CCPA should be considered the floor for data privacy, the minimum of what is required, he said.

Think of privacy as “the new green,” said Zak Rubinstein, CEO of, a vendor that provides automated real-time discovery, mapping, and tracking of personal data.

Companies that better protect their customers’ privacy and are responsive to requests about their personal data will have a competitive advantage over those that do not, he said.

“You want to get out in front of this issue,” he said. “You want to be able to say, ‘This is how we use your data and why.’” Customers will be drawn to companies that are transparent about how they use their data, he said.

Chakravarty agreed. “Companies would be wise to create a market distinction that you are more protective of consumers’ private information than their competitors,” he said.