Apple’s Tim Cook Proposes U.S. Version of GDPR at Data Protection Conference

The 40th International Conference of Data Protection and Privacy Commissioners went down in Brussels, Belgium, this week, amidst a time when GDPR has been on the tip of every social media marketer's tongue.

For any communicator whose brand relies on programatic advertising in order to micro-target its customers, the enforcements of GDPR likely coming before year's end should be a wake-up call. For stateside communicators, the reforms should be understood as a harbinger of what's to come.

Following two days of closed sessions at ICDPPC, Apple CEO Tim Cook took to the stage at Wednesday's open session and instantly became one of the most prominent voices in the chorus of Americans proposing sweeping social media privacy reform (we haven't forgotten you, Sen. Mark Warner) for the United States. Cook's keynote took a potshot at "platform and algorithms" that "weaponize personal data," as senior executives from Facebook and Google watched.

Cook's risk was calculated and on-brand, reminding us that Apple has long positioned itself as an advocate of data privacy (remember when the brand stood its ground and refused to unlock phones for the CIA following a mass shooting?), despite the fact that the brand makes the very device people are putting all that personal data into.

“Our own information — from the everyday to the deeply personal — is being weaponized against us with military efficiency,” said Cook. “These scraps of data, each one harmless enough on its own, are carefully assembled, synthesized, traded and sold."

“Taken to the extreme this process creates an enduring digital profile and lets companies know you better than you may know yourself," he continued. "Your profile is a bunch of algorithms that serve up increasingly extreme content, pounding our harmless preferences into harm...we shouldn’t sugarcoat the consequences. This is surveillance.”

Cook went on to propose that the U.S. enact a similar policy to GDPR,  "a comprehensive federal privacy law" that focuses on four key rights:

The right to have personal data minimized. "Companies should challenge themselves to de-identify customer data—or not to collect it in the first place," Cook said.

The right to knowledge. "Users should always know what data is being collected and what it is being collected for," he continued. "This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham."

The right to access. "Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of, correct and delete their personal data," added Cook

The right to security. "Security is foundational to trust and to all other privacy rights," he concluded.

Cook also supported the increasingly popular belief among communicators that social media regulation will actually be good for the big platforms, as it leads to improved user trust.

“They may say to you our companies can never achieve technology’s true potential if there were strengthened privacy regulations," he said. "But this notion isn’t just wrong, it is destructive—technology’s potential is and always must be rooted in the faith people have in it. In the optimism and the creativity that stirs the hearts of individuals. In its promise and capacity to make the world a better place.”

Jim Nickerson, lead digital marketing instructor at General Assembly in San Francisco, thinks that Cook may be the industry herald that Silicon Valley needs to stop dragging its feed and start repairing trust with its end users.

"Cook's calls to action are aggressive yet achievable," Nickerson said. "They seem to come from someone more interested in creating civil society than the CEO of the world's leading tech company. I welcome this."

Nickerson also acknowledges that Cook's speech is opportunistic, and strategically timed.

"As recent data scandals at Facebook and Google exposed the companies’ lax security and privacy practices, Cook is cashing in on a long-term bet that privacy could differentiate his company from competitors," he said.

Others have pointed out that Cook's words on the importance of data protection and privacy don't extend everywhere. In Apple's fastest growing market of China, for example, former Facebook chief security officer Alex Stamos says that Cook and co. do not practice what they preach:

Stamos' point ignores the fact that the Chinese government censors its citizens' Internet usage, of course, and that any brand hoping to cut into the market has to play ball. On the domestic side, Cook's words have largely been praised as a breath of fresh air from within the industry:

Mark Zuckerberg remained silent on Cook's comments, meanwhile, instead using his time conferencing in at ICDPPC to comment on the 500,000-pound fine that British regulators slapped on Facebook for failing to protect its users during the Cambridge Analytica scandal and acknowledging that "we have a lot of work to do."

"While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015," Zuckerberg said on the call. "We are grateful that the ICO has acknowledged our full cooperation throughout their investigation."

As Zuckerberg continues to dodge direct proposals for reform from the likes of Sen. Warner and Tim Cook, we end users are reminded that we have few powerful advocates in this fight who have a sound platform to make their ideas heard. Until that changes, communicators are in position to "be the change you wish to see"— because we are both marketers and end-users, we are in an opportune place to call out and condemn instances we see user data being mishandled, or outright weaponized, for profit.

"Is Tim Cook the person who will deliver 'GDPR-US' to the privacy-starved masses in America?" wonders Nickerson. "He might just be."

Follow Justin: @Joffaloff