Apple CEO Tim Cook today called on the US government to pass “a comprehensive federal privacy law,” saying that tech companies that collect wide swaths of user data are engaging in surveillance.
Speaking at the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels, Cook said that businesses are creating “an enduring digital profile” of each user and that the trade of such data “has exploded into a data-industrial complex.”
“This is surveillance,” Cook said. “And these stockpiles of personal data serve only to enrich the companies that collect them. This should make us very uncomfortable.”
Cook praised Europe’s General Data Protection Regulation (GDPR), and he said that it’s “time for the rest of the world” including the US to follow Europe’s lead.
This was Cook’s proposal for a US privacy law:
We at Apple are in full support of a comprehensive federal privacy law in the United States. There, and everywhere, it should be rooted in four essential rights: First, the right to have personal data minimized. Companies should challenge themselves to de-identify customer data—or not to collect it in the first place.
Second, the right to knowledge. Users should always know what data is being collected and what it is being collected for. This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham.
Third, the right to access. Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of, correct, and delete their personal data. And fourth, the right to security. Security is foundational to trust and all other privacy rights.
“Profits over privacy”
Cook didn’t name any specific companies but seemed to be criticizing the advertising-based business models of Google and Facebook when he said that companies are putting “profits over privacy.”
“We at Apple believe that privacy is a fundamental human right,” Cook said. “But we also recognize that not everyone sees things as we do… Every day, billions of dollars change hands, and countless decisions are made, on the basis of our likes and dislikes, our friends and families, our relationships and conversations, our wishes and fears, our hopes and dreams. These scraps of data, each one harmless enough on its own, are carefully assembled, synthesized, traded, and sold.”
Companies are creating digital profiles of their users and running those profiles through algorithms to “serve up increasingly extreme content, pounding our harmless preferences into hardened convictions,” Cook said.
Companies that oppose strong privacy laws may argue that privacy regulation will prevent them from “achiev[ing] technology’s true potential,” Cook said.
“But this notion isn’t just wrong, it is destructive,” Cook said. “Technology’s potential is, and always must be, rooted in the faith people have in it.”
Former Facebook security chief Alex Stamos responded to Cook on Twitter today, questioning Apple’s commitment to privacy in China. “Apple needs to document how they protect data stored by a PRC-owned cloud provider,” Stamos wrote. “In particular, Apple should explain under what circumstances [the Chinese state-owned company] can access iCloud backups. iMessage is the only E2E [end-to-end] encrypted app allowed by the Great Firewall; what was required to get this concession from the Ministry of State Security?”