Apple is on the Right Page on Privacy
As consumers and business adopt new technologies, they are often met by a privacy learning curve. In Congress, this is no different. Recently, House Committee on Energy and Commerce (E&C) members wrote to Apple CEO Tim Cook inquiring about the collection and use of consumer data—such as location services and voice recognition—on iPhones. This continues the dialogue the legislative body, which has jurisdiction over several technology and consumer protection issues, has had with industry following the Cambridge Analytica scandal. Fortunately, Apple has a good record when it comes to consumer privacy and communicating with app users about what data will be collected and why, how to enable or disable the collection of that data, and—should the data be exchanged—encrypting it.
In their letter to Apple, E&C Committee members wrote that “Consumers have a reasonable expectation of privacy when taking active steps to prevent being tracked by their device.” We applaud the Committee’s interest in the topic and the speed with which Apple responded.
Apple answered E&C’s sixteen questions in a nineteen-page document Tuesday, August 7. Because our member companies use the iOS platform to reach consumers, we are particularly interested in Apple’s response.
Overall, the company places emphasis on the user control of their iPhone’s privacy settings and details the expectations the company has of software developers who sell apps on their platform. Specifically, Apple describes that:
- Privacy is a fundamental human right, and Apple’s software is written to reflect that by minimizing the collection of consumer data;
- Apps on the Apple platform must use “just-in-time notifications” when requesting location; and
- Users of Apple products are always in control of these selections.
In addition, the iPhone only transmits location data to Apple if location services and/or Wi-Fi are enabled and the iPhone is not in Airplane Mode. This information is both anonymous and encrypted when sent back to Apple, which does not use it for marketing purposes.
Apple also discussed their app vetting process. Apple’s team reviews 100,000 applications a week, and 36,000 are initially rejected for not being compliant with Apple’s standards. While this may seem overly demanding of software developers, it demonstrates the platform’s commitment to user privacy and helps the apps that go through the vetting process develop a relationship of trust with their users.
This commitment doesn’t stop with application review—it goes all the way to the consumer. Within their iPhone settings, users can allow or deny access to information on an app-by-app basis to data points such as location services, contacts, calendars, reminders, photos, Bluetooth sharing, microphone, speech recognition, camera, health, and others. Moreover, apps using the platform are barred from accessing data on the device or stored in other apps—unless the user expressly authorizes such access—via technical separation, which Apple calls “sandboxing.” Additionally, users may select one of three options to enable any of these while in applications: “always,” only “while using the app,” and “never,” adding flexibility to the user experience. Finally, Apple also allows users to limit the extent to which third-party apps may track their activities for advertising purposes. The last several versions of iOS give app developers no choice but to honor this option, automatically turning the opt-out user’s unique device ID to a series of zeroes for ad tracking purposes. This action essentially deletes the uniqueness of a user’s device, which in turn disables an ad network’s ability to track the user for ad purposes.
At a time when consumers—and Congress—are asking justified questions about tech companies’ consumer data practices, the App Association supports Apple’s approach to consumer privacy. The model Apple describes gives the customer control, while respecting the direct relationship third parties like our member companies have with their customers and clients. The Apple platform facilitates—rather than interrupts or interferes with—the ever-evolving privacy dialogue that must take place between mobile software companies and their users.
We look forward to the continued discourse between Congress and the private sector on how best to honor consumer expectations on privacy and innovation in the mobile economy.