Since regulators started paying more attention to data privacy, Silicon Valley has generally adopted a responsive—albeit disingenuous—posture toward the increasing prospect of more oversight.
The big cookie monsters like Google and Facebook, whose business models rely on the harvesting and sale of voracious amounts of personal data about individuals, are suddenly and publicly paying lip service to vague notions like “control” and “accountability”, while doing everything in their power behind the scenes to minimize the impact of additional regulatory scrutiny on the bottom lines.
Among the most prominent exceptions to big tech’s smarmy front has been Apple whose CEO Tim Cook has been outspoken in his support of more governmental oversight of technology and protections for users.
If there were still any ambiguity about Apple’s stance, Cook dispelled it in his blistering keynote address on Wednesday at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels. Said Cook:
Around the world, from Copenhagen to Chennai to Cupertino, new technologies are driving breakthroughs in humanity’s greatest common projects. From preventing and fighting disease…To curbing the effects of climate change…To ensuring every person has access to information and economic opportunity.
At the same time, we see vividly—painfully—how technology can harm rather than help. Platforms and algorithms that promised to improve our lives can magnify our worst human tendencies. Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false.
Without mentioning Google or Facebook by name, Cook slammed “the data industrial complex” and its relentless efforts to translate “our likes and dislikes, our friends and families, our relationships and conversations, our wishes and fears, our hopes and dreams” into increased sales:
Our own information — from the everyday to the deeply personal — is being weaponized against us with military efficiency. These scraps of data, each one harmless enough on its own, are carefully assembled, synthesized, traded and sold.
Taken to the extreme this process creates an enduring digital profile and lets companies know you better than you may know yourself. Your profile is a bunch of algorithms that serve up increasingly extreme content, pounding our harmless preferences into harm.”
We shouldn’t sugarcoat the consequences. This is surveillance.
In praise of GDPR
In his speech to the audience of international privacy commissioners, Cook endorsed the EU’s ethics-based General Data Protection Regulation (GDPR) framework, instituted in May as the Facebook/Cambridge Analytica scandal was unfolding, calling it an example of how “good policy and political will can come together to protect the rights of us all.” He said:
We should celebrate the transformative work of the European institutions tasked with the successful implementation of the GDPR. We also celebrate the new steps taken, not only here in Europe but around the world — in Singapore, Japan, Brazil, New Zealand. In many more nations regulators are asking tough questions — and crafting effective reform. It is time for the rest of the world, including my home country, to follow your lead.
Apple does not collect data profiles of individuals and uses pro-privacy technologies and techniques like differential privacy, a system to minimize loss of privacy while still aggregating patterns of behavior across its user-base.
The company last week unveiled a new privacy portal giving Apple users a way to see what data the company collects on them and the ability to delete if, if they wish.
Adding his voice to calls made by such as Salesforce CEO Marc Benioff, Cook told the regulators that Apple is “in full support of a comprehensive, federal privacy law in the United States” and outlined four key elements he thought it should contain:
- The right to have personal data minimized. "Companies should challenge themselves to de-identify customer data—or not to collect it in the first place," Cook said.
- The right to knowledge. "Users should always know what data is being collected and what it is being collected for. This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham."
- The right to access. "Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of, correct and delete their personal data."
- The right to security. "Security is foundational to trust and to all other privacy rights."
Thinking about AI
Cook concluded with some brief remarks on the dangers of using personal user information as a shortcut to building effective AI, just because it is a faster, cheaper route:
At its core, this technology promises to learn from people individually to benefit us all. Yet advancing AI by collecting huge personal profiles is laziness, not efficiency. For Artificial Intelligence to be truly smart, it must respect human values, including privacy.
We can achieve both great Artificial Intelligence and great privacy standards. It’s not only a possibility, it is a responsibility…If we get this wrong, the dangers are profound.
The big tech industry seems to have abandoned hope that government is going to settle for “self-policing” and is now hoping to influence the inevitable enactment of tougher privacy regulations, if not immediately at the Federal level, then by the states. (As those adopted by California.)
Apple’s strong support for a comprehensive privacy bill will reinforce and probably hasten its arrival. But given Google and Facebook’s lobbying clout, I’m not optimistic that the American law is likely to be as tough on data protection as GDPR.
Privacy supporters should applaud Tim Cook for taking a strong principled stance. It’s worth noting that Google pays Apple billions each year for making it the default search engine on iPhones, iPads and Macs.