When Europe’s General Data Privacy Regulation took effect in May, Apple promised its users in other areas, notably the United States, that it would provide similar services this year. That time has come. As of Oct. 17, Apple customers can download the data that Apple has on them simply by asking, just like Apple customers in Europe have been able to do since May.
This policy stands in sharp contrast to the practices of Google and Facebook, which gather vast stores of user data, then provide it to others—either by selling it or by making it available through targeted ad placements. Facebook recently made its user data available on request. Now Apple is doing the same.
New 'Privacy Portal'
To accomplish this, Apple has created a privacy portal where you’ll be asked to enter your Apple ID and password. If you have two-factor authentication set up, then you’ll be asked to respond to the 2FA prompt. Once you do that, you’ll be presented with a menu titled “Manage your data” that has four choices, including deactivating and deleting your account. You can also get a copy of your data or ask Apple to correct errors.
Once you’ve told Apple that you want a copy of your data, you’ll be presented with a menu listing all of the types of data that Apple has available for you to download. One of the choices is “Select all,” which gives you everything. You may see a warning that it may take a long time to download your photos and other large files. Apple says it will take up to seven days to provide the data, with a portion of that time being verification that it’s you who is asking for it. There’s a support page explaining all of this in detail.
Unlike other tech companies, Apple goes to great length to explain what it does with your data and how it protects it. This includes a detailed description of how Apple manages your privacy, its approach to protecting your privacy and its approach to government requests for your personal information.
Apple also provides transparency reports that describe in as much detail as possible the requests by various governments for personal data. A check of the actual reports reveals that Apple honors such requests in the U.S. about 80 percent of the time.
Meeting All the Requirements of GDPR
It appears that Apple is meeting most, if not all, of the privacy requirements of the GDPR, where they’re applicable. This includes the somewhat contentious “right to be forgotten,” which it satisfies with its ability to delete your accounts and remove all information related to them.
Of course, Apple is making sure it complies with the GDPR requirements in Europe, where the penalties for non-compliance are substantial. But what’s unusual is that it appears to be adopting one privacy system for Europe and the rest of the world over time. Now that it’s complied with Europe’s requirements, the new privacy features and protections have come to the United States as well as Canada, Australia and New Zealand. Apple has said that it plans to roll out its privacy protections worldwide, but how soon that will take place isn’t clear.
While Apple is at the forefront of privacy protections, it’s unlikely to be the only company adopting a single set of privacy standards for all its customers. The company is clearly getting a favorable reaction to its actions, and this will be seen by other companies.
Different Sets of Privacy Standards Can Be Problematic
On a more practical basis, maintaining different sets of privacy standards for each location where a company operates is complex and expensive, and it increases the chances for errors in which a company might not meet the requirements of some locations due to that complexity.
However, by simply adopting the tightest requirements, in this case the GDPR, then a company only has to administer its compliance in one way. The fact that it might exceed the requirements in some places isn’t going to be a problem, and it will save the company the costs associated with managing complexity.
Apple’s approach makes a lot of sense, it’s good for its customers, and there’s only one set of rules with which to comply. I think you’ll start seeing more companies following Apple’s lead in the privacy arena, if only because it’s easier and, in the long run, less expensive.