Tim Cook demands a way for users to delete their personal data

Apple CEO Tim Cook continued to fight for data privacy last week.

Writing in an op-ed for Time magazine, Cook lambasted what he called the “shadow economy” of data brokers that silently collect our information online, package it and sell it to willing buyers.

One of the biggest challenges in protecting privacy is that many of the violations are invisible…

The trail disappears before you even know there is a trail. Right now, all of these secondary markets for your information exist in a shadow economy that’s largely unchecked – out of sight of consumers, regulators and lawmakers.

Cook made explicit demands on the government. He said that we need new federal standards for data collection and called on the Federal Trade Commission (FTC) to create a data-broker clearinghouse: a place where companies that collect and sell personal information would be required to register and which would give consumers a way to find exactly who collected what and to easily stamp it all out of existence:

We believe the Federal Trade Commission should establish a data-broker clearinghouse, requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand, freely, easily and online, once and for all.

Right now, Cook said, there’s no federal standard protecting consumers. He called on the US Congress to pass “comprehensive federal privacy legislation” and reiterated four principles that he presented to a global body of privacy regulators last year:

First, the right to have personal data minimized. Companies should challenge themselves to strip identifying information from customer data or avoid collecting it in the first place. Second, the right to knowledge – to know what data is being collected and why. Third, the right to access. Companies should make it easy for you to access, correct and delete your personal data. And fourth, the right to data security, without which trust is impossible.

Cook didn’t name names, but you can read between the lines to see Facebook’s and Google’s privacy indiscretions throbbing away. He’s repeatedly called for privacy-friendly business models for the technology industry’s top firms.

For one, in a speech at the 40th International Conference of Data Protection and Privacy Commissioners, Cook last year warned regulators that the technology industry was building an “industrial data complex“ that was getting out of control. He’s also criticized Facebook for having a business model that involves selling users’ data.

Cook’s subsequently been called out for hypocrisy. Alex Stamos, the former security chief at Facebook, shot back at Cook in October, pointing out that Apple’s privacy-centric approach isn’t evenly distributed. Apple’s practices in China are a prime example, he said in a Tweetstorm, calling on Apple to…

…come clean on how iCloud works in China and stop setting damaging precedents for how willing American companies will be to service the internal security desires of the Chinese Communist Party.

In July, Apple moved the storage of its iCloud data for China-based users to Tianyi, the cloud storage arm of state-owned telco China Telecom, raising privacy concerns.

Cook’s is just one voice among many that are clamoring for regulation. The most recent push to regulate big tech companies came from Senator Marco Rubio, who on Wednesday announced a new bill, titled the American Data Dissemination Act.

Such legislation may sound consumer- and privacy-friendly at first blush, but the devil’s in the details. Last week, the Information Technology and Innovation Foundation (ITIF) – a leading technology policy think tank supported by Google, Amazon and Facebook – suggested to lawmakers that any new federal data privacy bill should preempt state privacy laws and repeal the sector-specific federal ones entirely.

Putting the fox in charge of the hen house?

But the proposal would also override existing laws, some of which are legislative landmarks, such as the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and the Children’s Online Privacy Protection Act (COPPA), among others.

Senator Richard Blumenthal, who in the past has called for the FTC to investigate companies like Google for potential COPPA violations, said that trusting tech companies to write their own privacy regulations is like putting the fox in charge of the hen house:

If Big Tech thinks this is a reasonable framework for privacy legislation, they should be embarrassed. This proposal would protect no one – it is only a grand bargain for the companies who regularly exploit consumer data for private gain and seek to evade transparency and accountability.

Big tech cannot be trusted to write its own rules – a reality this proposal only underscores. I look forward to rolling out bipartisan privacy legislation that does in fact ‘maximize consumer privacy,’ and puts consumers first.

Amidst all this debate over privacy, Cook said, we can’t lose sight of “the most important constituency: individuals trying to win back their right to privacy.” From his article:

Technology has the potential to keep changing the world for the better, but it will never achieve that potential without the full faith and confidence of the people who use it.