The Private Sector is Calling for Regulation — Is Congress Listening?

It looks like data privacy laws are coming to America, but instead of through the traditional policy channels, change may be coming through the private sector.

Apple CEO Tim Cook has repeatedly made headlines in his strident criticism of data breaches over the past year. His opposition is not only an obvious subtweet to Facebook’s egregious mishandling of user data, but is also a clarion call for data and tech companies to take initiative to secure data and follow a set of ethical guidelines. Apple is clearly setting the tone in data management, both as a way to encourage data companies to implement a compliance infrastructure, and as a warning. If you don’t harvest data without consumer consent and allow consumers to access it, you will be labeled as an industry pariah.

Cook has received some criticism for his rhetoric: most notably, his former Chief Information Security Officer noted that none of these pointed remarks seem to be directed at China. China’s Apple devices do not come with the ability to install VPNs or end to end communications, making it difficult for Chinese citizens to avoid surveillance in an increasingly authoritarian state. Apple also refused to unlock the phones of the suspects who perpetrated the 2015 San Bernardino shooting. (A U.S. magistrate judge dismissed the lawsuit that Apple and Google had perpetrated ISIS’s growth and expansion through the use of the social media networks, but it is unlikely that this will be the last time that tech giants will be blamed for these sorts of tragedies.)

Despite these allegations, however, Cook is charging full steam ahead in his quest for data privacy law.

In a passionate op-ed published by TIME magazine on Wednesday, Cook called on Congress to pass a hard-hitting data regulation that incorporates four foundational principles:

“First, the right to have personal data minimized. Companies should challenge themselves to strip identifying information from customer data or avoid collecting it in the first place. Second, the right to knowledge — to know what data is being collected and why. Third, the right to access. Companies should make it easy for you to access, correct, and delete your personal data. And fourth, the right to data security, without which trust is impossible.”

Acxiom is joining forces with Apple, releasing a statement of support of Cook’s most recent remarks in Business Insider. Jordan Abbot, Head of Data Ethics at Acxiom, has previously advocated for ethical data principles on DMN’s website, and their leadership seems to be taking steps to put their money where their mouth is. “Acxiom, like Mr. Cook, also supports a national privacy law for the US, such as GDPR provides for the European Union… We believe it would be universally beneficial if we were able to work with Apple and other industry leaders to define the best set of laws that maintain the benefits of data in our economy while giving the necessary protections and rights to all people.”

America’s political system is currently hamstrung by a government shutdown and unevenly applied privacy laws. Heavy lobbying efforts in Washington have also stymied progress on regulations. So there may be no other choice but for companies like Apple and Axciom to step up and show leadership when it comes to data ethics to fill the void while American laws are established.

But as Cook correctly points out, it’s not up to big companies to set law and policy – it is the job of democratically elected lawmakers to do that. But a large nudge from the private sector (which has taken its cue from the early success from the EU-based GDPR) may be a crucial step in the right direction.

Related Posts