For tech giants, self-regulation should be backed up by legislation
Regulation - such as the EU's General Data Protection rules being launched in May - is a more reliable way to ensure a level playing field
It's easy to understand Apple chief executive Tim Cook's somewhat self-righteous comments on the Facebook-Cambridge Analytica scandal: his company has never emphasised customer data monetisation, and privacy has been one of its persistent selling points.
Apple still collects our data - and reserves the right to share it - but the company has a much better track record than newer tech titans.
"The truth is, we could make a ton of money if we monetised our customer - if our customer was our product," Mr Cook said last weekl. "We've elected not to do that." Asked what he'd do if he were in Facebook CEO Mark Zuckerberg's shoes, he replied, "I wouldn't be in this situation."
In reality, Apple collects more information about its customers than Facebook because it offers more products and services. It knows everything from an iPhone's location to its owner's taste in movies and music. It's all in the company's privacy statement, including the frank admission that Apple will share the data with "strategic partners that work with Apple to provide products and services, or that help Apple market to customers" and with law enforcement. Apple also lets applications that run on its platform (including Facebook) hoover up data. And it does have a small ad platform that allows targeted advertising.
Apple's closest equivalent in terms of data collection, sharing and "pass-through" to app developers is Google, which offers about the same array of services (plus search) and also owns mobile and desktop operating systems. The difference is that Apple has imposed some voluntary restrictions on itself: for example, it anonymises location data (unless you're using the "Find My iPhone" feature) and generally employs "differential privacy" - a cryptography-based practice of obtaining usage and preference data without linking it to specific users. Google and Microsoft also use that to some degree, and a co-inventor of differential privacy, Cynthia Dwork, has even worked for Microsoft Research, but Apple was the first to market the technique as an advantage for its customers.
Mr Cook clearly thinks of these self-restrictions as a good way of staving off external regulation. On Wednesday, he scolded Facebook for not being as far-sighted. "I think the best regulation is no regulation, is self-regulation," he said. "However, I think we're beyond that here."
As a user, however, I wouldn't put much trust in any company's ability to regulate itself. Mr Cook has been wary of monetising Apple's user base, but he won't be CEO forever. And people do change their mind, especially when it comes to picking up money that's there for the taking. Regulation - such as the EU's General Data Protection regulation, launching in May - is a more reliable way to ensure a level playing field. That's why Google, Apple and Microsoft all have good, convenient privacy controls which allow the user to turn off various kinds of data collection, erase data that companies already have and opt out of targeted advertising. Facebook, too, promises to put such controls in place soon.
But even external regulation isn't a reliable guarantee of privacy. Most people won't fiddle with the controls because they may not even realise what all the fuss is about. And by default, companies with advertising-based business models will want to collect as much information as they can and anonymise as little of it as they can. Neither Google nor Facebook, for example, will make the same commitment as Microsoft that no ads will be targeted based on your email and chat contents. Nor will they make it as easy as Apple and Microsoft make to shut off ad personalisation.
No regulator will take care of that: it's not their goal to kill off the ad-based business model and with it Facebook and Google, and the model won't work without data collection and ad targeting.
The only real guarantee that companies won't go overboard in invading customers' privacy is that they have large revenue streams which make it an unnecessary risk. Apple is reliable in this regard: it's a hardware company that also sells content and software on commission and on a subscription basis. Microsoft, with its cloud, software licensing and subscription businesses, is even less likely to go rogue in data collection because it no longer has a mobile platform to speak of.
That's why Microsoft and Apple aren't suffering much from the Cambridge Analytica-triggered tech sell-off. Microsoft shares are up 4.5 per cent since the beginning of the year, Apple shares are down just 1.63 per cent. That compares to Google's 4.6 per cent drop and Facebook's 13.3 per cent dive. I believe the gains made by Twitter and Snap, two companies fully dependent on ads and information-gathering, are a temporary fluke: they aren't as frequently mentioned in connection with data harvesting as Google and Facebook. As heavier regulation of the ad model becomes reality, they will inevitably suffer as much as their ad-based peers.
Monetisation through ads was the only relatively easy choice for companies not offering any products or services that people wanted to buy. That revenue stream, however, is not as easy to hold on to as those coming directly from customers. Those of us who remember the fat days of ad-financed media know that better than anyone.
The tech firms that fell back on ads will need to offer value to customers, not advertisers, as the best "legacy" media companies have learned to do.
Updated: April 1, 2018 03:30 PM