Earlier this year, the European Union passed a law that cracked down on user privacy rights online. This ranges anywhere from log-in protection to your personal browser history. Though the United States does not currently have a federal privacy law in place, some big names in the tech industry are calling for more privacy regulation and control, including Apple CEO Tim Cook.
This has been a difficult goal to achieve in the U.S., primarily because some sites have a history of utilizing their users’ personal data for digital advertising. Depending on location, browser history, and more, the online privacy Google implements does little to hide this information as you search for “restaurants near me.” In fact, most of this information is sold to digital advertisers hoping to target location-specific consumers or online shoppers based on your browsing history through cookies. This is completely legal in the United States.
But in the wake of numerous scandals regarding security breaches and data collection, Apple has taken a stand against the mining of user data.
At the 40th International Conference of Data Protection and Privacy Commissioners in Brussels, Tim Cook pushed for U.S. legislation regarding the online privacy Google, Facebook, and other big names have ignored.
According to Cook, Google and Facebook are neglecting privacy for the sake of digital advertising — a practice that does not align with the beliefs and goals of Apple.
Without some type of federal regulation barring the use of data mining, any amount of user data can be collected for the benefit of advertising without the user’s consent.
Cook sees this lack of consent as a basic human rights issue that relates to the goals implemented by the EU earlier this year.
Back in May, the European Union enacted its General Data Protection Regulation (GDPR) in order to protect the privacy of online users throughout its 28 member states. As such, users have the ability to ask for copies of their collected data and the right to have that data erased. Instead of being forced to read a long legal document before entering a site or agreeing to cookie use, the GDPR also states that company access regarding data collection and sharing should be easy to understand for online users.
On top of that, any breach in online privacy found by the parent company must be reported within 72 hours of its discovery or face a hefty fine. If a business is found to be in violation of the GDPR, they may be fined up to 4% of their annual revenue or pay 20 million euros depending on which amount is greater.
Parisian data protection specialist, Rayna Stamboliyska likens the General Data Protection Regulation to sexual consent where no means no and consent can be taken away at the user’s discretion.
In an interview with NPR, Stamboliyska offers an example of the GDPR in motion.
While shopping for shoes, Zappos uses your information to slip a shoe ad for their product into your newsfeed. If you don’t want to see this ad, you can protect your data under the GDPR and request that they remove the data they have on you.
You have the right to say, “Look, I’m fed up of your shoes. Now just stop profiling me, and stop following me. And please do remove the data you have of me because I no longer want you to keep it,” claims Stamboliyska.
As Google and Facebook experience scandal after scandal, Apple has worked to improve its own online privacy control. Earlier this year, Facebook experienced a breach that affected nearly 90 million users. Just this September, the social media site was hit by another breach that affected almost 50 million accounts that resulted in the forced log out of nearly 90 million accounts in response.
Tim Cook is leading the charge for tech companies to get behind a similar policy legislation to the GDPR in the United States. The company has recently made changes to its privacy controls by adding new features, including secure password management. Apple has also worked on boosting the security on Safari’s intelligent tracking, a feature which allows the user to browse online without the threat of companies tracking them or mining their data for advertorial use.
This isn’t to say that Apple has never tried similar digital marketing techniques in the past, however. The company has tried to build a digital marketing business before, but it failed to pick up any traction, at least in comparison to the success of Google and Facebook.
According to Cook, he has no problem with this type of digital advertising being used by other companies but claims other forms of user privacy collection have crossed a line. The “data industrial complex” that many businesses are taking advantage of has proffered an abuse in user policy and information. Though he didn’t mention Google or Facebook directly, both of these companies partake in this data mining along with many other Silicon Valley tech companies and startups.
Although the GDPR does not have jurisdiction over internet giants and users in the United States, these sites still need to adhere to the rules implemented by the EU since countless people use these sites overseas. For example, the most recent Facebook breach in security almost cost them 4% of their annual revenue since the social media site reported their breach right before the 72-hour deadline.
Cook claims that companies need to be more accountable for user data protection in the United States. By using the GDPR as a model, he hopes the U.S. can follow suit and enact a similar policy to protect user privacy online.