For at least a decade, privacy advocates have dreamed of a universal and legally enforceable “do-it-yourself” framework. Now, at least in the most populous state in the United States, that dream has come true. So why isn’t Apple, a company that increasingly uses privacy as a selling point, helping its customers take advantage of it?
When California passed the California Consumer Privacy Act (CCPA) in 2018, the law was marked with a large asterisk. In theory, the CCPA gives California residents the right to tell websites not to sell their personal data. In practice, exercising this right means clicking through an endless number of privacy policies and cookie notices, one by one, on each site you visit. Only a masochist or privacy enthusiast would bother to click on cookie settings every time they look up a menu or buy a vacuum cleaner. Privacy will remain, for most people, a right that only exists on paper until there is an easy, one-click way to turn off tracking across the Internet.
The good news is that this ideal is getting closer and closer to reality. While the CCPA does not explicitly mention a blanket exclusion, regulations interpreting the law issued by the California Attorney General in 2020 specified that companies should honor one, just as they do with individual claims. The technology for a universal opt-out did not yet exist, but last fall a coalition of businesses, nonprofits and publishers unveiled a technical specification for global privacy control that can send a “do not track” signal applicable to CCAC. at the browser or device level.
Today, if you live in California, you can enable Global Privacy Control by using a privacy browser like Brave or by downloading a privacy extension, like DuckDuckGo or Privacy Badger, in the browser you already use. (Seriously, go ahead. The full list of options is here.) Once you’ve done that, you’ll automatically tell the sites you visit, “Don’t sell my personal information” without having to click anything. either and, unlike previous efforts to create a universal opt-out, any decent-sized company doing business in California will be legally required to comply, which requires adding a few lines of code to their website .
The state of CCPA enforcement remains murky as some companies object to the Attorney General’s broad interpretation of the law. But the California government has started to make it clear that it intends to enforce the global privacy control requirement. (California’s more recently passed privacy rights law, which comes into full force in 2023, makes this requirement more explicit.)
In mid-July, Digiday reported that Attorney General Rob Bonta’s office had “sent out at least 10 and possibly more than 20 letters from companies urging them to honor the GPC.” And one item appeared on a recent list of CCAC enforcement actions on the attorney general’s website, noting that a company was forced to start honoring the signal.
Now for the bad news. While it’s much easier to install a privacy extension or browser than it is to click through a million privacy pages, the vast majority of people are still unlikely to do so. (It remains to be seen whether DuckDuckGo plastering America’s highways and cities with billboards will inspire a new wave of privacy connoisseurs.)
This is quite important because online privacy rights are collective, not individual. The problem with ubiquitous tracking isn’t just that it can allow someone to access your personal location data and use it to ruin your life, as recently happened to a Catholic priest whose data Commercially available grindr have revealed a tendency to frequent gay bars. Even if you personally choose not to follow, you still live in a world shaped by surveillance. Tracking-based advertising contributes to the decline of quality posts by eroding the premium that advertisers pay to reach their audience. Cheaper to find these readers on social media or even on extremist background news sites. It drives the incentive to relentlessly maximize engagement on social media platforms. None of this will go away until a critical mass of people decides not to be followed in all areas.
This is why an absence from the list of companies supporting global privacy oversight is so blatant. Apple bolstered its already strong reputation for privacy earlier this year by introducing app tracking transparency, a setting that reverses default privacy on iOS devices by forcing apps to obtain a user’s permission beforehand. to share its data. This really is a big step forward for privacy, as the difference between being turned off by default and on is huge – and indeed, early reports suggest that most iPhone users refuse to allow apps to be enabled. to follow.
But Apple, despite its stated (and strongly advertised) commitment to privacy, has failed to integrate global privacy control into Safari, the most popular mobile browser in the United States and the second most popular desktop browser. . It also hasn’t integrated it into iOS, which accounts for more than half of the US market for mobile operating systems. This means that it is not doing all it could to protect tens of millions of users from the sale and sharing of their data. The application tracking transparency framework is important, but it relies on Apple to detect application developers who violate the policy. Safari’s Track Prevention feature, on the other hand, relies on a technical approach to block cookies and other trackers that can often be bypassed.
So far, however, none of the larger browsers have incorporated this feature, preventing it from being widely adopted. It’s not shocking in the case of Google, which hasn’t added it to Chrome or Android: The world’s largest surveillance ad company isn’t exactly known to care much about user privacy. (Google declined to comment for this story.) A Mozilla spokesperson said the company “is reviewing global privacy control and actively considering next steps in Firefox.” It’s unclear why Apple hasn’t joined the party yet or if it plans to do so in the future. The company did not respond to multiple requests for comment over the past week.
In the past, Apple has used software design and App Store policies to protect users, leaping into the void created by the lack of comprehensive privacy legislation. Now in California and every other state following its lead – Colorado, for example, will require companies to comply with global privacy controls from 2024 – the law has finally overtaken the technology. The public will only begin to see the full benefits when the private sector catches up. If even a privacy-centric company like Apple isn’t interested, the wait might be longer than you think.
This story originally appeared on wired.com.