Data privacy is about to be a much more tangible concept for U.S. consumers, and it’s not because the first state law regulating it (the California Consumer Privacy Act) becomes enforceable for thousands of businesses Wednesday.
Yes, the CCPA has been on the minds of compliance practitioners for a couple of years now, but most of the public knows nothing about it or its European predecessor, the General Data Protection Regulation (GDPR). A survey conducted in late 2019 by data solutions provider Tealium revealed that while more than 90 percent of U.S. consumers want the state or federal government to adopt regulations to protect their data, nearly 70 percent had never heard of either the CCPA or the GDPR.
Data privacy is getting its moment not because of anything the government is doing to protect what many believe is a civil right, but rather because the most influential brand in the nation is making it a pillar of how it does business going forward. Earlier this month at its annual developers conference, Apple revealed it was about to take a big step toward making it more clear to its nearly 100 million iPhone users in the United States just how much data companies collect about us, who they’re sharing it with, and whether they’re using it to track us.
According to Apple, the following will be among the features baked into its next iPhone operating system update, scheduled for the fall:
- The user interface will feature prompts that lets users know what types of data each app collects about them and which data types are used to track them. Each will be displayed as an itemized list. (Examples below.)
TBH I'm most intrigued about the data privacy labels, inspired by the FDA Nutrition Facts Label, and how that's going to affect user downloads for particular apps 2/2)— Navo Visagan (@NavoVisagan) June 22, 2020
- Users will have to “opt in” for apps to access their data. Previously, opting in was the default, and you had to take action to “opt out” if you didn’t want to share certain data with an app provider.
- For apps that track location, users will have the option to share their approximate location rather than their exact whereabouts.
- iPhones will also display an orange dot in the corner whenever a user’s microphone or camera is activated.
Apple compared these new features to labels on food products that display ingredients and nutritional information. While food labeling became widespread only after a federal law mandated it, there’s no legislation requiring the degree to which Apple is prioritizing privacy labeling.
Is Apple making this move because it’s the right thing to do ethically? Perhaps. More likely, the company is reading the tea leaves and sees that consumers are increasingly placing a premium on privacy.
There’s data to back that up: 71 percent of consumers polled by management consulting firm McKinsey earlier this year said they would stop doing business with a company if it gave away sensitive data without permission. And about half of respondents said they are more likely to trust a company that limits the amount of personal information it requests.
For Apple, a company that doesn’t rely on customer data nearly as much as its Silicon Valley competitors, making the personal data each app collects more transparent for users is also a smart business play.
The same can’t be said for Google, whose Android smartphone operating system is the largest platform in the United States with about 120 million users. Google makes most of its money through advertising and internet search, both of which rely heavily on user data.
Shortly after Apple’s announcement, Google unveiled a privacy improvement of its own: It will automatically delete a user’s location history and Web activity after 18 months.
Not 18 hours. Not 18 days. Eighteen months. Not much of a concession, but would you expect one from a company whose business model is based on monetizing the data of its users?
That’s sort of the point here: While the CCPA represents a step in the right direction for protecting consumers, businesses proactively prioritizing privacy is more likely to make a lasting impact. You can argue whether Apple’s motivations were based more in principles or profits, but the impact on consumers’ awareness of the data being collected will be unmistakable.
Future of privacy legislation in the U.S.
That’s not to say legislation and regulation can’t help. Nearly a dozen states are considering data privacy legislation of their own, and there are several bills floating around Congress that would address privacy at the federal level.
The problem is the coronavirus pandemic has hamstrung state legislatures and, at the federal level, it’s going to be next to impossible to get privacy legislation on the docket in an election year with a divided Congress.
That being said, there are some good ideas on the table should public support force privacy onto Congress’ agenda. The most recent bill is the Data Accountability and Transparency Act of 2020, which would create a new federal agency to regulate privacy and would also ban the use of facial recognition technology, which has shown recently to have issues of racial bias.
In an op-ed published on Wired.com, the bill’s sponsor, Sen. Sherrod Brown (D-Ohio) writes that the overly verbose user agreements we all opt into without reading are “simply the price of admission” for using technology that’s become irreplaceable to the 21st-century consumer.
“So most of us click Yes and agree to sign away our information, because our credit cards, mortgages, car loans, bank accounts, health apps, smart phones, and email accounts all require us to,” he writes.
Unfortunately, neither Brown’s bill nor three other bills that focus more on privacy issues related to COVID-19 contact tracing technology are likely to see the light of day in this session of Congress.
Looking beyond the election, data privacy isn’t a pillar of President Trump’s long-term agenda, and there’s nothing related to the topic listed among Democratic presidential candidate Joe Biden’s list of 37 “bold ideas.”
So that brings us back to Apple and to the forces of the free market advancing the cause of privacy, along with state legislation like the CCPA and international regs like the maturing GDPR. People care about their data, and they’ll care even more if they get privacy alerts on their iPhones whenever they download a new app.
If your company doesn’t have an airtight policy around the data it collects, where it’s stored, how it’s used and protected, and whether it’s shared with any third parties, your risk is only going to increase as momentum builds for more accountability and transparency around privacy.