Your iPhone gets new privacy controls as Apple positions itself as the un-Facebook
Apple has unveiled new privacy controls to let iPhone, iPad, Apple TV and Mac users delete their Apple accounts or get a copy of everything Apple knows about them.
The move comes as a storm continues to blow around Facebook’s lack of control over customer data, which has now cost the social media giant almost $100bn in company value.
Apple’s initiative is timed ahead of Europe’s upcoming GDPR data privacy law, which tightens up on rules that companies have to follow when dealing with users’ personal information.
Specifically, Apple’s new privacy management tools will give its customers the ability to get a copy of their data, request a correction to their data, or deactivate or delete their accounts.
This means personal information relating to things such as iCloud data, Game Centre details or marketing communications.
What it doesn’t include are the reams of content within apps like iMessage, Apple Pay, Siri, Maps or Photos Search because Apple doesn’t collect that type of user data in the first place.
This is a point that the company has been at pains to emphasise as a differentiating issue between it and companies such as Google and Facebook, especially in recent days.
“The truth is, we could make a ton of money if we monetised our customer if our customer was our product,” said Apple chief executive Tim Cook in an interview to be broadcast next month with Recode’s Kara Swisher. “We’ve elected not to do that.”
To push home the point, Cook was happy to expand on the basic privacy issues at stake in Facebook’s recent controversy.
He criticised Facebook for building “these detailed profiles of people ... patched together from several sources”. Asked whether Facebook should still be entitled to self-regulation, he responded: “I think we’re beyond that here.”
Apple’s latest privacy tools will show up on Apple ID account pages.
Deleting an Apple account will take seven days under the new system. This is partially to make sure that someone’s account has not been taken over by an unauthorised person. The company will take certain steps to check whether it’s really you nuking your account, such as matching your home location with the location of the deletion request.
However, like Facebook, Apple also offers a ‘deactivation’ status for an account. In this mode, Apple services won’t process any personal data associated with the account, such as delivering emails to a registered Apple email address. (The company will check for a secondary email address instead.)
While Apple is moving privacy front and centre, it will face some familiar challenges. Some of the screens are several paragraphs framed in language that’s usually associated with ‘terms and conditions’ sections. That’s probably necessary for clarity and legal certainty but also means many users might not understand it or assume it’s jargon that they can ignore.
The privacy update won’t change the company’s position on iMessage encryption, either.
Apple’s software engineering boss Craig Federighi said this week that Apple won’t consider weakening its stance on handing over access to encrypted iMessage content, no matter which police authority comes looking for it.
“Proposals that involve giving the keys to customers' device data to anyone but the customer inject new and dangerous weaknesses into product security," he told The New York Times. "Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses or even manage vital infrastructure like power grids and transportation systems.”
The EU’s GDPR law, which comes into force on May 25th, will introduce fines of up to €20m or 4pc of global turnover. The Irish Data Protection Commissioner, Helen Dixon, has repeatedly said that she will use the full extent of the law where she finds violations of citizens’ data privacy.
Ms Dixon is currently at the final stages of a report into Yahoo’s giant data breach in 2014, which affected up to 500m users.