Apple launched a refreshed privacy website on Wednesday, updating the minisite to better educate its customers on how the company works to protect the user's personal data across all of its products and services, as well as opening up a system for US users to request all of their data from Apple.
A regularly updated section of the Apple website, the privacy minisite covers a variety of areas, offering as much information to users about the iPhone producer's approach to handling and securing user data. With the wealth of data stored on an iPhone, iPad, or Mac, Apple is keen to offer explanations to its user base, in order to continue building trust between the company and the people who buy its products.
As with previous versions, Apple divides the site into three main areas, covering its approach to privacy, how users can manage their privacy, and transparency reports, along with a link to the company's privacy policy.
Data Security and Usage
The "Our Approach to Privacy" section gives users an overview on how Apple protects a user's personal information. It explains how a variety of different techniques and tools are used across assorted apps and services, such as encryption and using on-device intelligence, while also teaching the user about concepts like Differential Privacy, which allows for some data to be collected by Apple but with extra random information added to prevent it from being linked to a specific device.
In cases like Apple Pay, Apple details how a credit or debit card's data is used to set up the service, namely that it is securely sent to the card issuer for confirmation and not stored on servers, but a unique Device Account Number is created and stored only on the device's Secure Element. Purchases aren't tracked, though anonymized transaction information is collected for analysis purposes, and that the Device Account Number and a dynamic security code are used for the transaction rather than any actual card details.
For Safari, Apple adds a section highlighting the updated Intelligent Tracking Prevention system in iOS 12 and macOS Mojave, where third-party tracking sites can only create cookies or store data with the user's explicit consent. For CarPlay, Apple adds a section where it always requires third-party apps "to provide a privacy policy" for review.
A later section covers services where there is an element of personalization, an area where data is more likely to be collected, albeit with as much protection as Apple can apply.
Apple Music has an addition to its paragraph about the Apple Music Friends feature that allows users to share their favorite music with others, and decide who gets to see the tracks in their profile. Apple advises the service only has access to contacts the user elects to add to the feature, and not the user's entire contact list.
The later section covering tools provided to developers to keep the user's data secure also has changes to the language used, including more mentions of machine learning, such as including Core ML alongside Touch ID, Face ID, 256-bit encryption, and app transport security at the top. For the Machine Learning extract, Apple name-checks the Create ML and Core ML frameworks available to developers for on-device processing.
HealthKit's additions include a reference to Health Records data being encrypted and protected with the iPhone passcode, and that if users share data with trusted third-party apps, it passes directly from HealthKit to the app without passing through Apple's servers.
Privacy Management and User Data Requests
The "Manage your Privacy" section, which provides advice to users on how they can secure devices and accounts themselves, has new text under "Take charge of your data" advising users of Apple's dedicated tools on the Data and Privacy page.
Previously available to customers in the European Union and a number of other countries since May, due to the introduction of the General Data Protection Regulation (GDPR), the Data and Privacy portal provides a one-stop-shop for users in the United States to request a copy of their data, corrections, and to deactivate or delete their account.
The process is an improvement on previous methods to ask for Apple-held data, with users able to select what they wish to see from a list, then receive what they selected a short time later after Apple confirms the user is genuine and compiles the collection. While there were tools already available to request, correct, and delete data, the new portal serves as a single point of access, rather than requiring users to request for elements separately through various processes.
In AppleInsider's trial of the system when it was enabled in Europe, users were able to acquire their activity for the App, iTunes, iBooks stores and Apple Music, as well as Apple ID account and device information, iCloud-stored contacts, Notes, Calendars and Reminders, Bookmarks and Reading List, AppleCare support history, and other data.
An email sent by Apple advising requested data is available to download, shortly after the request tool's launch in Europe.
Further down the page, Apple deals with how users can manage what data apps and services can share with each other.
The Emergency SOS function of the Apple Watch adds language relating to what the Apple Watch does when an emergency occurs. Under the new site, Apple advises the user's location is sent to "any nearby emergency services that use the Rapid SOS service" when it is triggered, and that any data shared is deleted after 24 hours.
Along with parental controls and Family Sharing, Apple now advises parents of the existence of Screen Time, to monitor and control how much time children spend using apps and browsing websites. Activity Reports are highlighted as a way to have a "detailed look" at app usage, notifications, and device pickups, but adding that this type of data is only accessed by the parent, and isn't accessible by Apple itself or third parties.
The Transparency Report section remains the same as it was previously, providing links to Apple's transparency reports as well as explaining the company's policies when dealing with government and private party requests, and Apple's guidelines for law enforcement requests.
Privacy is Essential
The Privacy minisite update is part of Apple's effort for transparency in its security, to prove to consumers how serious it is about privacy and preventing anyone from accessing a user's data without their permission. At a time when tech giants are being accused of abusing user data for financial gain, as well as instances of poor security practices being implemented, it has become even more important for Apple to retain trust from its users.
Apple has repeatedly and publicly fought to keep user data away from prying eyes. Apple CEO Tim Cook has repeatedly advised Apple believes privacy is a "fundamental human right," a statement it includes prominently as one of the first things users see when they access the minisite.
This philosophy has led to Apple defending user privacy from being weakened by governments and security agencies, demanding easier access to data that could help fight crime, usually by adding a backdoor. Apple and other firms believe this is not the way to go, insisting their creation is a huge risk to digital security.
Apple VP of software technology Guy "Bud" Tribble testifying to a U.S. Senate committee about privacy (via C-SPAN)
Apple recently submitted a formal response to an Australian draft bill to update the country's telecommunications-related laws to force private companies to provide assistance in accessing data. Apple's response called out the ambiguous language for being too broad in its coverage, while simultaneously urging for "increasingly stronger - not weaker - encryption" as a way to combat the growing number of online threats.
The iPhone producer testified to a U.S. Senate committee hearing in September, advocating support for federal privacy legislation. "Ultimately, privacy is about living in a world where you can trust that your decisions about how your personal information is shared and used are being respected," said Apple vice president of software technology Guy "Bud" Tribble," while also advising any new legislation should not place undue burdens on app developers.
Apple's stance on privacy and user security has led to Cook being asked to give a keynote address to regulators and attendees at the International Conference of Data Protection and Privacy Commissioners on October 24, as part of a session titled "Debating Ethics: Dignity and Respect in Data Driven Life."
"Tim has been a strong voice in the debate around privacy, as the leader of a company which has taken a clear privacy position, we look forward to hearing his perspective," said European Data Protection Supervisor Giovanni Buttareli. "He joins an already superb lineup of keynote speakers and panelists who want to be a part of a discussion about technology serving humankind."