In 2018, the GDPR changed how tech companies handle data privacy. In 2019, it’s influencing the public’s perception of internet privacy and changing how tech companies treat violations—and one another.
Last month, I wrote about the state of internet privacy in the context of the GDPR and other regulations that are transforming how data is used by online companies around the world. The article anticipated that the first GDPR fine would occur in 2019 and closed with thoughts from Apple’s Tim Scott who had voiced strong support for a federal privacy law in the United States.
One month later, Google has been hit with the first GDPR fine and Apple has gone to war with Facebook and other tech giants over data privacy practices.
On January 21, Google was fined €50 million by France’s CNIL regulatory body for a lack of data processing transparency and failure to obtain sufficient user consent for ad personalization.
Since then, a Polish data privacy organization has filed a GDPR claim against Google and the Interactive Advertising Bureau (IAB) stating that highly sensitive personal data is being used illegally for ad targeting. The complaint alleges that users are being categorized according to health status, sexual orientation, political views, and numerous other specific taxonomies.
In the meantime, Facebook has seen their fact-checking program falter, blocked a widely used ad-monitoring tool, and alarmed privacy advocates by announcing a plan to merge the messaging infrastructure of Messenger, Instagram, and WhatsApp.
Perhaps feeling the pressure of mounting controversies and Google’s GDPR fine, Mark Zuckerberg recently took to the Wall Street Journal’s opinion page to defend Facebook’s privacy practices.
But Facebook’s biggest fight of late has been with Apple who recently disabled all of Facebook’s enterprise iOS apps, leaving the entire Facebook workforce disconnected for two days. Apple found that Facebook had violated privacy guidelines by distributing an unapproved app to harvest virtually all device data, including the private messages and location data of users as young as 13 years old.
Soon it was revealed that Google was operating a similar app prompting Apple to disconnect their enterprise apps as well. The two companies pulled the offending apps and Apple restored their services a day later. Google issued an apology. Facebook did not.
To be fair, Apple hasn’t been immune from privacy issues; a Facetime user recently discovered a bug that allowed users to eavesdrop on contacts without being on an active call.
Putting internet privacy into perspective
Central to many of the recent internet regulations and privacy scandals is the advertising-based business model that powers most of the web’s biggest players, including Google and Facebook. Companies convert user behaviors and preferences into targeted advertisements by tracking activity across the internet using cookies and other means.
Regulations such as GDPR and the impending ePrivacy seek to empower consumers with more awareness and better control of these practices.
But does anyone really care?
Most people seem fine with social media’s privacy tradeoff. The Cambridge Analytica scandal should have been the seismic event to shift public perception, but there’s little evidence to show it negatively impacted Facebook’s user numbers—although it might yet affect its bottom line.
Still, there is some evidence to suggest that sharing on the site is getting less personal and that distrust is rising. The lack of viable alternatives and the fact that some of these companies are deeply entrenched in our digital lives keeps many of us hanging on, if reluctantly so.
There’s also the chance that many people still don’t understand how these companies make money, unwittingly trading their privacy for access to a convenient social network or an advanced search engine.
It seems that the more people understand about the methods used to collect and leverage their personal data for profit, the less they like it. A recent Pew Research survey found that 74% of respondents were not aware that Facebook tracks their behavior for marketing and other purposes—51% felt uncomfortable with it.
Maybe it’s because the idea of unknowingly being watched is unsettling.
Imagine how the online ad-based business model would play out in the real world: You start your day at the café reading a newspaper. Meanwhile someone at the next table is watching you and taking copious notes about the types of articles you’re reading, what type of coffee you’re drinking, and how long it takes you to drink it.
Later, you go shopping and that same guy from the coffee shop is there recording everything you show interest in, particularly the way you pause to contemplate a smart coffee maker, daydreaming about making coffee from bed with the included app.
As you make your way out to the parking lot, there he is again, that same man from the café and the department store! He’s suddenly popped up right in front of you offering a great deal on a competing coffee maker and 10% off a month’s supply of medium roast hazelnut…your favorite.
You’d probably call the guy a stalker, but on the internet, he’s just called a marketer.
Embrace internet privacy before it embraces you
Maybe Facebook only ever intended to build the best possible social network, and Google definitely never wanted to be thought of as evil, but they risk their reputations when the public has the impression that they’re hiding something.
Apple understands this dynamic and sees an opening to establish itself as the virtuous defender of online privacy. And, sensing blood in the regulatory water, is doing so at the expense of Facebook and Google.
At the recent Consumer Electronics Show (CES) in Las Vegas, Google was the center of attention with huge advertising campaigns and major product announcements. Despite its absence from the conference, Apple still managed to make a statement with a towering billboard that read “what happens on your iPhone stays on your iPhone.”
Apple’s privacy battle with Google and others will likely intensify. And while Google may have received the first GDPR fine, they’re also the biggest target. More fines are on the way, maybe for Facebook, or maybe for data brokers you’ve never heard of.
I’m pointing to elite tech companies because they’re household names, but complex internet privacy issues affect businesses of all sizes. Measures must be taken now to get ahead of GDPR and newer privacy regulations it’s already inspiring. Not only to avoid fines, but also to build trust.
By increasing marketing transparency and establishing more meaningful relationships with customers, businesses can stand out among the competition, like apples to all those oranges.