Cybersecurity, Emerging Issues in Security

Tim Cook Suggests Implementing GDPR-Like Policy in the United States

Speaking at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels, Belgium, Apple CEO Tim Cook has joined the chorus of privacy advocates calling for stricter privacy regulations. His keynote speech hammered (not by name) the numerous tech companies whose business models thrive by vacuuming up the personal information of their user base and using it in as many ways as possible to not only generate quarterly profits but also drive future growth at the expense of “human values.”

Justice statue with code on screen in background

simpson33 / iStock / Getty Images Plus / Getty Images

This is far from the first time Cook has been critical of the tech world’s constant need to gather more and more personal information from consumers, but this might be his most explicit call for change. He makes that clear by referring to his competitors’ data practices as the “data industrial complex,” a direct reference to President Dwight Eisenhower’s warnings about the growing “military industrial complex” in the 1950s. Cook notes that “our own information—from the everyday to the deeply personal—is being weaponized against us with military efficiency,” referring to the practice of data collection as “surveillance.”

In his October 24 keynote, Cook stated that Apple is “in full support of a comprehensive, federal privacy law in the United States.” He backs his assertion with four priorities any federal-level privacy law should address:

  1. Consumers have the right to minimize what data companies are allowed to collect and keep and should de-identify any data they currently have.
  2. Companies need to be fully transparent about what data they collect and what they are using them for, giving users the ability to decide what types of data collection represent legitimate uses of their personal information.
  3. Users should have a right to ownership over their data, and it should be easy to obtain, edit, or delete any personal information a company has on file.
  4. Everyone has a right to security, which is “foundational to trust and all other privacy rights.”

Codifying these principles in a federal law would better align the United States with what the European Union has put in place through the implementation of the General Data Protection Regulation (GDPR). While there have been ongoing discussions over drafting federal data privacy regulations, those talks are still in a very early stage.