Apple's Cook pushes for US privacy law, with GDPR model in mind

Dive Brief:

Apple CEO Tim Cook called for a more comprehensive U.S. law around data privacy, pointing to the example of the EU's General Data Protection Regulation (GDPR), according to The Wall Street Journal. GDPR, which went into effect in late May, demands internet companies receive informed consent before collecting any information on users.
Cook's comments, made Wednesday during a keynote at an EU-organized conference in Brussels, follow several high-profile privacy controversies this year, such as Facebook's Cambridge Analytica scandal and the more recent news that Google had exposed the data of as many as 500,000 users through its now-shuttered Google+ social network.
As noted by the Journal, a U.S. law mirroring the type enforced by the EU could benefit Apple and give the company an edge over its competitors. Unlike Facebook and Google, Apple generates a large share of its revenue from selling secure, encrypted devices and not from digital advertising. During the keynote, Cook made blistering references to what he called a "data industrial complex" and lamented how personal information today is being weaponized against users with "military efficiency."

Dive Insight:

The top executive at the world's most valuable brand calling for what is essentially a GDPR model for the U.S. could be significant at a time when more government officials are trying to introduce those types of rules at the state level. Cook has long been a strong proponent of data privacy but appears to be ratcheting up his rhetoric around the topic this year. Companies in the U.S. have, to date, had relatively free reign over how data and privacy are handled, though that could change amid repeated fumbles, such as the Cambridge Analytica scandal. Many businesses — and tech firms, in particular — have resisted implementing stricter privacy laws, which makes Cook's comments stand out.

California, for example, in June adopted a privacy law that imposes more stringent rules around how businesses disclose data collected from consumers. The California Consumer Privacy Act of 2018, which is expected to go into effect in 2020, has been met with pushback from Amazon, Google, Microsoft, Comcast, AT&T and Verizon. Facebook reportedly had initial reservations against the law, but backed down in the wake of Cambridge Analytica.

Cook citing GDPR as an example to potentially emulate in the U.S. has interesting implications for marketers as well. GDPR impacts marketers because it affects their ability to target advertising and build stronger profiles of their customers online. The labyrinthine set of rules from the EU, however, has been a bit of a black box for the industry, where it's not always clear who bears the brunt of responsibility in securing compliance along a digital advertising pipeline that includes brands, agencies, ad tech firms, publishers and more.

Having to meet both EU and U.S. requirements around compliance could further complicate digital marketers' business as the demand for better marketing personalization ramps up. It's also possible a broader U.S. privacy law wouldn't necessarily have an outsized impact on companies like Facebook and Google. Before GDPR's implementation, there were rumblings that the rules could actually benefit the massive tech companies they were supposed to be reigning in. The speculation at the time was that Facebook and Google's ability to quickly implement scalable, sophisticated compliance solutions, coupled with users' familiarity with their brands, would give them an advantage that smaller companies don't have.