Apple's Cook pushes for US privacy law, with GDPR model in mind

Dive Brief:

Apple CEO Tim Cook called for a more comprehensive U.S. law around data privacy, pointing to the example of the EU's General Data Protection Regulation (GDPR), according to The Wall Street Journal. GDPR, which went into effect in late May, demands internet companies receive informed consent before collecting any information on users.
Cook's comments, made Wednesday during a keynote at an EU-organized conference in Brussels, follow several high-profile privacy controversies this year, such as Facebook's Cambridge Analytica scandal and the more recent news that Google had exposed the data of as many as 500,000 users through its Google+ social network, which was shuttered for consumers but recently revamped for the enterprise.
As noted by the Journal, a U.S. law mirroring the type enforced by the EU could benefit Apple and give the company an edge over competitors. Unlike Facebook and Google, Apple generates a large share of revenue from selling secure, encrypted devices and not from digital advertising. During the keynote, Cook made blistering references to what he called a "data industrial complex" and lamented how personal information today is being weaponized against users with "military efficiency."

Dive Insight:

The top executive at the world's most valuable brand calling for what is essentially a GDPR model for the U.S. could be significant at a time when more government officials are trying to introduce those types of rules at the state level. Cook has long been a strong proponent of data privacy but appears to be ratcheting up his rhetoric around the topic this year.

Reports have surfaced that the Trump administration is examining data privacy approaches and a U.S. version to GDPR, but no concrete actions or steps have been taken yet.

Companies in the U.S. have, to date, had relatively free reign over how data and privacy are handled, though that could change amid repeated fumbles, such as the Cambridge Analytica scandal. Many businesses — and tech firms, in particular — have resisted implementing stricter privacy laws, which makes Cook's comments stand out.

California, for example, in June adopted a privacy law that imposes more stringent rules around how businesses disclose data collected from consumers. The California Consumer Privacy Act of 2018, which is expected to go into effect in 2020, has met with pushback from Amazon, Google, Microsoft, Comcast, AT&T and Verizon. Facebook reportedly had initial reservations against the law, but backed down in the wake of Cambridge Analytica.

The California bill is prompting fears of a patchwork of state legislation that will complicate data handling and processing and security requirements across the country. In the net neutrality sphere, for example, the Department of Justice recently filed a lawsuit against California for attempting to regulate interstate commerce.

But even federal regulatory bodies are facing challenges to tackle major shifts in technology. FTC Commissioner Rebecca Slaughter called for more rule-making and civil penalty authority earlier this month. Without a strong enough deterrent, the commission cannot get out of after-the-fact reactions and out front of issues such as breaches and data privacy, she said.