Hello all! For our subscribers in the northern hemisphere, I hope you are all staying warm during these winter months.
One of the stories in this week’s Privacy Insider caught my eye—it’s a deep dive into Apple’s data collection practices. Apple has made privacy-consciousness part of its brand. It has, for instance, set strict privacy standards in the App Store and has even refused to unlock users’ devices for the FBI. But as the device manufacturer adds services and advertising to its offerings, it has inevitably become invested in the collection of user data.
If your business involves the sale of advertisements, then at least some collection of user data is unavoidable. However, there is a fine line to tread between strictly necessary data collection and excessive, invasive, and even dangerous levels of collection. Apple may struggle to tread that line given its history of being a privacy-first brand and its recent forays into digital services and advertising.
For example, researchers have determined that though Apple claims that iPhone usage data is anonymous, it can actually identify users’ names, email addresses, and phone numbers through iPhone analytics data. Researchers have also shown that Apple can view everything you tap on in the App Store.
There have also been allegations that Apple’s pro-privacy stance is just another way for it to achieve its business goals. Apple has lobbied against right-to-repair bills on the basis that third-party repair shops could access user data and violate their privacy. (What else could explain a device manufacturer’s opposition to repairing old devices rather than buying new ones?)
It has also faced anticompetition criticism over which apps it does and does not allow on the App Store, insisting that the App Store’s restrictions are there solely to protect user privacy. User privacy is important, but it’s also a convenient way to direct consumers to Apple products and services.
It’s always instructive to see what positions Big Tech companies take on privacy issues. These businesses’ technologies shape our economy, society, and way of life; many of them have an almost hostile attitude to data privacy, while others—like Apple—appear to embrace it. The question is: Can we all still benefit even if Big Tech’s pro-privacy position is a selfish one?
Best,
Arlo
TikTok fined in France for manipulative cookie-consent flow
France’s data protection authority, the CNIL, recently issued a €5 million fine against TikTok for manipulative design practices surrounding the social media app’s cookie consent mechanism. Essentially, TikTok made it far easier to accept cookies than to reject them. A notable feature of this enforcement action is that it occurred under the EU’s ePrivacy Directive rather than the GDPR, enabling France to directly penalize companies like TikTok, Google, and Meta without having to route complaints through to a business’s lead data supervisor in the EU. In TikTok’s case, this would have been the Irish Data Protection Commission.
All the data Apple collects about you—and how to limit it
In recent years, Apple has garnered a reputation for its stance on privacy. However, that doesn’t mean Apple isn’t collecting data on its users, nor that its data collection practices are wholly above board. This deep dive explains where and how Apple collects user data and what users can do to limit its collection.
Proposed state privacy law updates for 2023
The new year saw several U.S. data privacy laws come online, with more to come in 2023. Right now, even more data privacy laws are up for consideration in various state legislatures. Find out which states are considering privacy laws, and whether 2024 will feature even more privacy laws for businesses to contend with.
Court of Justice of the EU decides that GDPR Right of access allows data subjects to request the identity of each data recipient
The Court of Justice of the EU (CJEU) has determined that the GDPR’s right of access grants data subjects the right to ask for either the identity of the recipients of their data or the categories of the recipients of their data. The ruling underscores the importance of collaborating with vendors who process data on a business’s behalf and remaining aware of which vendors process user data.
Biden calls on Congress to unite on federal privacy legislation
In a Wall Street Journal op-ed, President Joe Biden laid out his administration’s goals when it comes to Big Tech and data collection practices, including the need for data privacy protections, transparency around content algorithms, and greater collaboration. To accomplish these goals, President Biden called for the new Congress to work on bipartisan proposals to protect privacy, prevent harmful content, and tackles anticompetitive conduct.
An interview with the guy who has all your data
Data brokers are a poorly understood business category, yet they have granular data on billions of individuals across the globe. Gizmodo reporters sat down with the CEO of a data broker to better understand this industry and its ramifications on society.
Osano blog: Choosing the right DSAR platform for your business
With the CPRA and other laws, more businesses are receiving data subject access requests (DSARs) than ever before. They’ll quickly discover that handling DSARs with only spreadsheets and email isn’t a sustainable business practice. DSAR solutions exist, but they aren’t made equal; check out our blog to learn more about the essentials to look for when evaluating DSAR solutions.
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.