Apple Inc. Chief Executive Tim Cook recently called for U.S. data protection regulation saying individual’s personal information has been “weaponized.” Mr. Cook proposes that U.S. data protection laws be modeled on the European Union’s General Data Protection Regulation (GDPR) that was enacted in May to both improve user rights and bolster the 28-member bloc’s power as a global rule-maker.
Mr. Cook’s call was issued while speaking at a privacy conference organized by the European Union where he told the audience of EU privacy regulators that the U.S. should enact a comprehensive federal privacy law that follows their example. “Our own information—from the everyday to the deeply personal—is being weaponized against us with military efficiency,” Mr. Cook said. “Today, that trade has exploded into a data-industrial complex.”
Commenting on the need for data privacy regulations Mr. Cook said, “We see vividly — painfully — how technology can harm rather than help. Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies.”
Mr. Cook’s comments illustrate how he is positioning Apple – the largest Silicon Valley firm by market capitalization – apart from rivals including Facebook Inc. and Alphabet Inc.’s Google and their recent scandals involving access to personal information. It also highlights the increasing importance of tech firms making their cases directly before EU privacy regulators, who are now empowered to issue fines of up to 4% of a company’s worldwide annual revenue.
Apple maintains that because it makes the bulk of its money by selling devices, rather than advertising, it has far less incentive to exploit its customers’ data. Mr. Cook went even further in his keynote, comparing the underlying data-collection practices of targeted online-advertising, a business worth tens of billions of dollars annually, to surveillance. It is language expected from privacy activists rather than tech CEOs. “We shouldn’t sugarcoat the consequences,” he said. “This is surveillance and these stockpiles of data serve only to make rich the companies that collect them. This should make us uncomfortable.”
Apple gets higher marks from European privacy activists and regulators because it says it anonymizes and limits much of the data it collects on users. However, the company also generates revenue from digital searches across its devices by collecting licensing fees of more than $5 billion annually from Alphabet Inc. to make Google the default search engine on browsers across Apple devices, according to analysts.
- Mark Zuckerberg defended his leadership in March and said it was “extremely glib” of Mr. Cook to suggest that because the public did not pay to use Facebook that the firm did not care about them.
- Mr. Cook proposed a comprehensive federal privacy law with at least four key planks:
- The right to have personal data minimized
- The right to knowledge
- The right to access
- The right to security
- Tim Cook also warned on AI, “If we get this wrong, the dangers are profound. … We can achieve both great artificial intelligence and great privacy standards. It’s not only a possibility, it is a responsibility. In the pursuit of artificial intelligence, we should not sacrifice the humanity, creativity, and ingenuity that define our human intelligence.”
Quests & Actions (Q&A)
- Apple unveiled expanded privacy protection measures for the U.S., Canada, Australia, and New Zealand that includes the ability to download all personal data held by Apple. European users already have this through GDPR. Should all U.S. tech companies provide this ability to their users? Should this be enforced through regulations?
- Ireland’s data protection commission, the lead authority for Europe with many tech firms based in the country, is investigating Facebook’s data breach allowing hackers access to three million EU accounts. As the first big test of new rules, should Facebook be fined a record $1.63 billion to send a message?
- Previously tech companies pushed for self-regulation but are now proposing federal rules. Is it too late for self-regulation? Should U.S. federal regulations require the highest possible privacy safeguards as included in the GDPR?