If Apple is the only outfit capable of defending our privacy, it really is time to worry | John Naughton

A giant private company is doing the work governments should be doing on regulation of user data. That’s not a good thing

A few weeks ago, Apple dropped its long-promised bombshell on the data-tracking industry. The latest version (14.5) of iOS – the operating system of the iPhone – included a provision that required app users explicitly to confirm that they wished to be tracked across the internet in their online activities. At the heart of the switch is a code known as “the identifier for advertisers” or IDFA. It turns out that every iPhone comes with one of these identifiers, the object of which is to provide hucksters with aggregate data about the user’s interests. For years, iPhone users had had the option to switch it off by digging into the privacy settings of their devices, but, because they’re human, very few had bothered to do that.

From 14.5 onwards, however, they couldn’t avoid making a decision and you didn’t have to be a Nobel laureate to guess that most iPhone users would opt out. Which explains why those who profit from the data-tracking racket had for months been going apeshit about Apple’s perfidy. Some of the defensive PR mounted on their behalf, for example Facebook’s weeping about the impact on small, defenceless businesses, defied parody. Other counteroffensives included attacks on Apple’s monopolistic control over its App store and charges of rank hypocrisy – that changes in version 14.5 were not motivated by Apple’s concerns for users’ privacy but by its own plans to enter the advertising business. And so on.

It will be a while until we know for sure whether the apocalyptic fears of the data-trackers were accurate. It takes time for most iPhone users to install operating system updates and so these are still relatively early days. But the first figures are promising. One data analytics company, for example, has found that in the early weeks the daily opt-out rate for American users has been about 94%. This is much higher than surveys conducted in the run-up to the change had suggested – one had estimated an opt-out rate closer to 60%.

If the opt-out rate is as high as we’ve seen so far, then it’s bad news for the data-tracking racket, which the Financial Times estimates to be a $350bn industry, and good news for humanity.

The computerised, high-speed auction system in which online ads are traded seems not to be compatible with the law – and is currently unregulated. That is the conclusion of a remarkable recent investigation by two legal scholars, Michael Veale and Frederik Zuiderveen Borgesius, who set out to examine whether this “real-time bidding” (RTB) system conforms to European data-protection law. They asked whether RTB complies with three rules of the European GDPR (General Data Protection Regulation) – the requirement for a legal basis, transparency and security. They showed that for each of the requirements, most RTB practices do not comply. “Indeed,” they wrote, “it seems close to impossible to make RTB comply.” So, they concluded, it needs to be regulated.

It does. Often the problem with tech regulation is that our legal systems need to be overhauled to deal with digital technology. But the irony in this particular case is that there’s no need for such an overhaul: Europe already has the law in place. It’s the GDPR, which is part of the legal code of every EU country and has provision for swingeing punishments for infringers. The problem is that it’s not being effectively enforced.

Why not? The answer is that the EU delegates regulatory power to the relevant institutions – in this case data protection authorities – of its member states. And these local outfits are overwhelmed by the scale of the task and are lamentably under-resourced for it. Half of Europe’s DPAs have only five technical experts or fewer. And the Irish data protection authority, on whose patch most of the tech giants have their European HQs, has the heaviest enforcement workload in Europe and is clearly swamped.

So here’s where we are: an online system has been running wild for years, generating billions in profits for its participants. We have evidence of its illegitimacy and a powerful law on the statute book that in principle could bring it under control, but which we appear unable to enforce. And the only body that has, to date, been able to exert real control over the aforementioned racket is… a giant private company that itself is subject to serious concerns about its monopolistic behaviour. And the question for today: where is democracy in all this? You only have to ask to know the answer.

What I’ve been reading

Plugged in
The Lithium Gold Rush: Inside the Race to Power Electric Vehicles is an absorbing and imaginative New York Times essay.

Human capital
An intriguing (and counterintuitive) post on the Noahpinion blog on why the economic impact of pandemic lockdowns is not what you think.

Idol worship
The Martian is a crisp analysis of Elon Musk by Scott Galloway.


John Naughton

The GuardianTramp

Related Content

Article image
Apple comes out swinging in the duel of the data titans | John Naughton
The tech firm’s new mobile operating system can stop apps tracking you, but is it as big a deal as everyone, especially Facebook, thinks?

John Naughton

01, May, 2021 @3:00 PM

Article image
Apple’s plan to scan images will allow governments into smartphones | John Naughton
Client-side scanning, as the technology is called, should really be treated like wiretapping and regulated accordingly

John Naughton

16, Oct, 2021 @3:00 PM

Article image
Apple's iOS update will be bad news for developers, but a boon for users | John Naughton
The tech giant’s monopoly over App Store content will bring a change to data privacy on its devices that has advertisers worried

John Naughton

05, Sep, 2020 @3:00 PM

Article image
Data-hucksters beware: online privacy is returning | John Naughton
Next May, an EU regulation will enshrine the protection of personal data into law and not even Brexit is going to stop it

John Naughton

20, Aug, 2017 @5:59 AM

Article image
Think your iPhone is safe from hackers? That’s what they want you to think…
Forget Apple’s much-vaunted iOS safeguards – attackers have been quietly breaking and entering for years

John Naughton

08, Sep, 2019 @6:00 AM

Article image
More choice on privacy just means more chances to do what’s best for big tech | John Naughton
A study of how Facebook, Google and Microsoft have applied the EU’s new GDPR rules shows users are being manipulated

John Naughton

08, Jul, 2018 @6:00 AM

Article image
What happens to Apple’s iCloud in China
Apple’s much-vaunted principles melt away under China’s cybersecurity law, which allows the state to access our data

John Naughton

04, Mar, 2018 @7:00 AM

Article image
Is it payback time for Apple as the EU goes after its licences to print money? | John Naughton
The giant faces a probe into its lucrative App Store and phone payment system

John Naughton

27, Jun, 2020 @3:00 PM

Article image
The social app Clubhouse is an invitation to trouble | John Naughton
The startup’s invitation-only model gives it a sheen of exclusivity, but privacy horrors lurk behind the buzz

John Naughton

20, Feb, 2021 @4:00 PM

Article image
Don’t just blame Facebook for taking your data – most online publishers are at it too | John Naughton
Online surveillance is rife but there are plenty of tools available to help preserve your privacy

John Naughton

08, Apr, 2018 @6:00 AM