Last week, Apple CEO Tim Cook delivered the keynote speech for a security conference in Brussels, Belgium, where he passionately advocated for the United States to implement a federal data privacy law similar to the EU’s GDPR.
Not only did he call for a data privacy law with teeth, he framed the issue as a battle between corporations that are using technological advances to “weaponize” consumer data for their own enrichment and those that recognize the need to respect consumer privacy rights.
Analysts and tech executives said they believe Cook’s clear call for legislative action will move the needle on data privacy rights.
“Influential figures like Tim Cook speaking out against the misconception that laws like CCPA and GDPR will hamper technical innovation and profitability is a powerful tool in changing the conversation about legislation,” said Jessica Ortega, product marketing associate at Sitelock, a web security vendor.
Christopher Plummer, senior cybersecurity analyst at Catholic Medical Center, said Cook’s stance on a federal data privacy law will not only have pull in federal and congressional debates, but with the general public as well.
“[This speech] is undeniably powerful — nearly half of Americans with a phone in their hands have one created by Apple, all of whom will positively benefit from the climate [Cook] is cultivating,” Plummer said.
Business community reaction
Ortega said she expects Cook’s advocacy for federal privacy legislation to meet resistance from the large segments of the business community — and not just from some of the big tech companies whose business models depend on collecting massive amounts of consumer data.
“Businesses and lobbyists have been vocal against more consumer protective regulations because of the cost involved with implementing changes to be compliant,” she said.
Dana Simberkoff, chief risk, privacy and information security officer at AvePoint, a GRC vendor, said she believes Cook’s speech has shined a much-needed light on data privacy rights.
“While consumers are increasingly aware that they have privacy rights that companies may not be honoring, it’s also clear that they do not quite understand what these rights are — or how they can exercise them,” Simberkoff said.
Unlike some, she also views the federal data privacy law as ultimately proving to be good for businesses. “This legislation will create more legal certainty for businesses and help build consumers’ confidence and trust in businesses’ privacy controls and practices,” she said.
Follow the GDPR model?
As for whether a federal data privacy law should follow the European model laid out in GDPR — Cook called the regulation “very successful” in his speech — some our experts said it was too early to pronounce GDPR a model of data privacy protection success.
“It is difficult to know whether or not the specific law is a success,” Ortega said, adding that it certainly “has changed the way we talk about data privacy and consumer protections.”
Rene Kolga, senior director of product management at security vendor Nyotron, said that although GDPR is in its infancy, it should be studied as a template for a potential federal law in the United States.
“It is clear that the U.S. does not take privacy nearly as seriously as does the EU. As the population starts realizing the scary powers that organizations now have based on your digital breadcrumbs, this will start to change,” Kolga said.