Everything you need to know about Apple's GDPR privacy upgrade

Credit to Author: Jonny Evans| Date: Fri, 13 Apr 2018 08:07:00 -0700

Apple is updating its products and services to bring them in line with the EU’s forthcoming privacy protection rules (GDPR). Among other improvements, customers will be able to download all the information Apple keeps about them.

Europe is about to introduce General Data Protection Regulations, (GDPR). These rules are designed to bring existing data protection laws into the 21stCentury, they allow individuals the right to see what information companies hold about them, oblige business to handle data more responsibly, and put a new set of fines and regulations in place. Almost any entity that handles personal data will be impacted by the rules, which you can read here. These changes may be taking place in Europe, but there is expectation most big tech firms will apply similar protections outside Europe, which will give more effective protection to most people – which is a good thing.

Europe’s tough stance on personal privacy had already prompted many in the tech industry to get their act together. The Facebook/Cambridge Analytica scandalmeans many more of us now understand why such protection matters, particularly at a point in human history at which so much of what happens next will be defined by AI and data analytics. This information is powerful.

“We’ve never believed that these detailed profiles of people, that have incredibly deep personal information that is patched together from several sources, should exist,”Apple CEO TimCook recently said. They can be “abused against our democracy,” he observed.

Apple recently introduced updated privacy protections across all its products, which now offer a new Data & Privacy screen during setup. This explains how Apple and apps use your data and promises that the company’s solutions are designed to minimize the collection and use of your data. It also describes how on-device processing is used whenever possible.

Apple explains:

“When we use data to create better experiences for you, we work hard to do it in a way that doesn’t compromise your privacy. One example is our pioneering use of Differential Privacy, where we scramble your data and combine it with the data of millions of others. So we see general patterns, rather than specifics that could be traced back to you. These patterns help us identify things like the most popular emoji, the best QuickType suggestions, and energy consumption rates in Safari.”

Effectively this means Apple’s products are private by design, which should open up interesting opportunities for the company in future.

These aren’t the only privacy enhancements we can look forward from Apple as it prepares for GDPR rules to become mandatory in May.

The company has said it plans to update its Apple ID management page with a way to let users download a copy of all the data they have stored with the company.

The company will allow users to download data across individual apps, which means data concerning your music playback choices or which news stories you’ve been reading will be as easy to download as information about the contents of your Contacts or Calendar apps.  

That’s the equivalent of the data Facebook allows its users to download about themselves, though Apple’s pre-existing commitment to privacy means we don’t expect too many unpleasant surprises – though I will be paying particular attention to Location data logs when I check my records.

Apple also intends making it much easier for its customers to control their data. That means we’ll be able to:

That’s a significant improvement – you have been able to do some of these things by contacting the company, but this takes time – these new tools will empower customers to vet and manage their own information.

Apple closed out March by providing developers with an extensive set of tools to help them handle data requests made by EU users under new GDPR rules. These will enable developers to let users “manage data that’s associated with your app and stored in iCloud by using native APIs and Web APIs,” the company said. These will also include tools to enable a developer’s own users to delete their data from a developer’s app. More here.

Apple has already begun introducing these improvements. The most recent software updates introduced new Privacy rules and systems and a new Privacy icon that appears when an app requests your personal data. The company says the additional enhancements discussed here are scheduled for introduction in Europe as GDPR rules come into effect on May 25. The iPhone maker says it will make these features available to customers outside Europe at a later point.

Cook has gone on record to call privacy a “human right”. He’s highly critical of companies whose business plan is to monetize customers, saying:

“The truth is, we could make a ton of money if we monetised our customer… We’ve elected not to do that. We’re not going to traffic in your personal life. Privacy to us is a human right, a civil liberty.”

Apple as a company has an extensive privacy governance structure which is described here.

Its employees are required to take privacy training and it has a Privacy Board made up of a cross functional group of senior representatives from across the company that handles privacy-related issues.

Apple details its privacy policies, tools and reports in the Privacy section of its website here.

Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic’s Kool Aid Corner community and get involved with the conversation as we pursue the spirit of the New Model Apple?

Got a story? Please drop me a line via Twitter and let me know. I’d like it if you chose to follow me there so I can let you know about new articles I publish and reports I find.

http://www.computerworld.com/category/security/index.rss