After several years of massive data breaches, such as the ones that hit Equifax, and scandals regarding the use of data at companies like Facebook, at least one tech giant head is speaking up in favor of privacy laws. Apple’s chief executive officer, Tim Cook, praised the General Data Protection Regulation (GDPR), which was enacted by the European Union this spring, at a conference in Belgium recently. Not only did Cook speak positively of the GDPR, but called for the United States to pass a similar privacy law.
In some respects, Cook’s speech continues a tradition of Apple’s support for privacy. The firm’s business leadership has long protected the users of products like its popular iPhone from anyone cracking into their phones, even resisting U.S. government requests in criminal investigations.
But in other ways, the speech was notable for its unusually hawkish tone about the tech field and data. Many tech firms, such as Facebook, Amazon, and Google, are known to routinely collect data on user habits. Not all of their users are aware of the collection or what the data is being used for.
He called the data collecting “surveillance” and noted, “our own information, from the every day to the deeply personal, is being weaponized against us with military efficiency.”
Cook’s comments, of course, come from a man whose business strategy is not based on data collection. Apple’s revenue derives from hardware like the iPhone and Mac computers, or from subscriptions for products like streaming music and podcasts. He is therefore free to make the comments without worrying about his own company’s bottom line.
A recently signed California law may act as a template for further action.
Is a U.S. Privacy Law Coming?
He also lives in a state that recently enacted its own stringent privacy law, despite being home of many data-collection firms.
California recently passed legislature that will 1) require companies to inform customers who request it what personal data they have collected; 2) require that they are told why the collection took place; and 3) tell the consumer what third party has access (by category of third party). Consumers will also be able to ask that their information be erased and that it not be sold. Marketing data on children under the age of 16 will also be prohibited.
Although the law doesn’t go into effect until 2020, many feel that as California goes, the nation will eventually go. The legislation provides a template that the Federal government could use and adapt, especially if it proves successful.
In addition, Inc. notes that some observers feel that companies will find it cumbersome to use one set of rules for California and one set of rules for everywhere else. The existence of such a law raises the possibility that tech companies and cybersecurity companies themselves will join the movement to have a uniform set of laws across the country.
That said, the passage of California’s law was controversial, with many people calling for more debate and study. It isn’t so much that legislators didn’t want data protection provisions as that they feared the bill was phrased too broadly. Some feel, for example, that the ability to sue will be too extensive; others worry that newspapers gathering data for reporting purposes may be negatively impacted. Amendments may be needed in the future.