The tech industry has seemed to undergo a substantial policy shift over the last year. Instead of touting the benefits of self-regulation as they had before, companies including Amazon, Apple, AT&T, Facebook, Google, Microsoft and many others have been calling, and actively lobbying, for federal regulations on data privacy. Generally, the proposals include measures to give users more control over their own data, including browsing history and consumer data.
In a speech at a privacy conference in Brussels this week, Apple CEO Tim Cook sounded more like an activist than a chief executive, warning of a “data-industrial complex,” in which personal information has been “weaponized against us with military efficiency.”
“Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies. Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false. This crisis is real. It is not imagined, or exaggerated, or crazy.”
It’s been quite a shift. Prior to this past spring, most tech companies were steadfastly opposed to any regulation on data. This was most pronounced with companies like Facebook and Google that lean heavily on advertising for their revenue, but Apple also has a stake in privacy laws. Europe’s General Data Privacy Regulation forced Apple to offer a new account shutdown procedure when it went into effect earlier this year.
Apple’s business model, based on selling hardware, has allowed it to shift the focus of privacy debates onto companies like Facebook that depend on consumer data for targeted advertising. However, Apple does allow advertisers to track users based on on their App store and News app activity. The company also collects data that it scrambles into “aggregate” form, removed from the identity of the user.
The Apple Watch collects personal health data, even if it isn’t held on Apple servers, and newer iPhones have facial recognition capability. While Apple has been careful about privacy policies surrounding these features, they certainly could be affected by a robust and wide-ranging privacy law. Apple also has a privacy blind spot when it comes to its policies on its iCloud server for mainland Chinese users. Cook’s speech is one way of keeping legislation focused on the ad-based models.
Apple’s privacy policies are laudable, but it’s important to not let these companies control the narrative or the legislation. This would be a case of the fox guarding the henhouse.
Even if we take Apple’s position at face value, the broader shift in the tech industry is highly suspect. Those ad-based companies, like Facebook and Google, have also come out in vocal support of federal privacy regulations, but only after California passed its own stringent policy regulations in June, set to go into effect in 2020. The law would allow users to find out what data is being collected on them, why the data is collected, and who it is being shared with. Industry insiders consider this policy more threatening than Europe’s, and are afraid the approach could spread to other states.
Companies are now lobbying the Trump administration for a set of federal regulations that would override California’s. Given this White House’s skeptical approach to regulation in general, it would seem that these companies see a Trump-endorsed regulation as the best approach to cutting their losses. With even Facebook and Google officials acknowledging that privacy regulations seem to be an inevitability, regulations from the GOP-controlled federal government seem preferable to the stringent laws that could emerge from deep blue states.
Industry groups including the US Chamber of Commerce, the Internet Association, and the Information Technology Council, have all said they are pressing for voluntary standards instead of enforceable mandates. In exchange for what amounts to more “self-regulation,” they are asking that any federal regulations override state laws like California’s.
Tim Cook’s speech, with its sweeping moral statements, is likely to get much more attention than the statements by companies openly admitting they support federal regulation in order to nullify the California law. And admittedly, Apple is far from the worst offender here. But any narrative that says tech companies have simply had a genuine change of heart in the wake of data scandals and breaches is misleading.
The public needs to stay focused on setting its own boundaries on data collection, instead of letting tech giants control the conversation and negotiate over regulations. Companies like Facebook have already made it clear that left to their own devices, they will do very little to protect the privacy of their users. While federal regulations may be in order, they should not be written and defined by the companies themselves, and they should certainly amount to more than just voluntary guidelines.