Tim Cook Warns Adtech Could Lead to 'Social Catastrophe'

Apple’s Chief Executive Officer, Tim Cook, has encouraged European authorities to strengthen privacy regulations during a presentation at the CPDP conference today—reiterating many of the arguments he presented in person in Brussels two years prior, where he criticized the “data-industrial complex” that supports the extensive surveillance of internet users within the advertising technology sector.

He contended that reforming the current generation of adtech is now a critical necessity, framing it as a humanitarian issue, and delivered remarks that contained several indirect criticisms of Facebook.

“As I stated in Brussels two years ago, the time is right—not just for a thorough privacy law within the United States, but also for global legislation and new international agreements that establish the principles of data minimization, user awareness, user control, and data security worldwide,” Cook stated.

This message arrives at a crucial moment for Apple as it prepares to activate a feature that will, for the first time, necessitate developers to obtain explicit user consent before tracking their activity.

Earlier today, Apple verified that it would enable the App Tracking Transparency (ATT) feature in the upcoming beta version of iOS 14, with a full rollout anticipated in early spring.

The technology company had originally planned to launch the feature last year but postponed it to allow developers additional time to adjust.

Facebook, a major player in the adtech industry, has also been actively voicing opposition to this change, cautioning about a substantial impact on publishers who rely on its advertising network once Apple empowers users to decline third-party tracking.

During its Q4 earnings report yesterday, Facebook also signaled potential “more significant advertising challenges” affecting its financial performance this year—identifying Apple’s ATT as a risk factor, alongside what it described as “the changing regulatory environment.”

In his address to the data protection and privacy conference, which is typically held in Brussels but was streamed online due to the pandemic, Cook vigorously defended ATT and Apple’s commitment to privacy, asserting that the forthcoming tracking opt-in is about “giving users control” and connecting adtech-driven surveillance to a variety of negative consequences, including the proliferation of conspiracy theories, extremism, and instances of real-world violence.

“Users have been requesting this feature for a considerable period,” he said regarding ATT. “We have collaborated closely with developers to provide them with the necessary time and resources to implement it, and we are enthusiastic about its potential to improve things for everyone.”

This initiative has prompted a competition challenge in France, where four online advertising organizations filed an antitrust complaint last October—arguing that Apple’s requirement for developers to seek app user permission to track them constitutes an abuse of Apple’s market dominance. (A comparable complaint has been submitted in the U.K. concerning Google’s decision to phase out third-party tracking cookies in Chrome—and regulators there have initiated an investigation.)

The Information also reported today that Facebook is preparing to file an antitrust lawsuit against Apple—indicating that the legal implications are escalating. (However, Facebook itself is currently facing a lawsuit from the FTC alleging it has maintained a monopoly in the social networking market through years of anti-competitive practices.)

In his speech, Cook highlighted another recent privacy-focused action by Apple, requiring iOS developers to display “privacy nutrition” labels within the App Store—providing users with a clear overview of their data collection practices. Both the labels and the upcoming ATT apply to Apple’s own applications, as well as those of third parties, as previously reported.

Cook explained that these actions are consistent with Apple’s fundamental philosophy: to create technology that “benefits people and prioritizes their well-being”—contrasting this approach with a predatory “data-industrial complex” that seeks to collect information about every aspect of people’s online activity for manipulative purposes.

“It appears that no piece of personal information is too sensitive to be monitored, monetized, and compiled into a comprehensive profile of your life,” Cook cautioned. “The ultimate outcome of this is that you are no longer the customer; you are the product.”

“When ATT is fully implemented, users will have a voice regarding this type of tracking. Some may believe that sharing this level of information is worthwhile for more personalized advertising. However, many others, I suspect, will not. Just as most appreciated our similar functionality in Safari, which limited web trackers several years ago,” he continued, adding that: “We view developing these kinds of privacy-focused features and innovations as a fundamental responsibility. We always have, and we always will.”

Apple’s CEO emphasized that advertising has been successful in the past without the need for privacy-invasive mass surveillance, asserting: “Technology does not require vast amounts of personal data aggregated across numerous websites and apps to thrive. Advertising existed and prospered for decades without it. And we are here today because the easiest path is not always the wisest.”

He also made several indirect criticisms of Facebook—avoiding direct naming but challenging the idea of a business model built on “surveilling users,” on “data exploitation,” and on “choices that are not real choices.”

Such an organization “does not deserve our admiration; it deserves reform,” he stated, having previously praised Europe’s General Data Protection Regulation (GDPR) for its role in advancing privacy rights—telling conference attendees that enforcement “must continue.” (The GDPR’s primary weakness to date has been a lack of consistent enforcement; however, after 2.5 years, there are indications that the regime is gaining momentum.)

In further criticisms of Facebook, Cook addressed the role of data-intensive, engagement-driven adtech in fueling disinformation and conspiracy theories—arguing that the consequences of such an approach are too significant for democratic societies to ignore.

“We should not overlook the broader context,” he argued. “In an era of widespread disinformation and conspiracy theories amplified by algorithms, we can no longer ignore a technological philosophy that equates all engagement with positive engagement, the longer the better. And all with the goal of collecting as much data as possible.”

“Too many are still asking how much can we get away with? When they should be asking what are the consequences? What are the consequences of prioritizing conspiracy theories and inciting violence simply because of high engagement rates? What are the consequences of not just tolerating but rewarding content that undermines public trust in life-saving vaccinations? What are the consequences of seeing thousands of users join extremist groups and then perpetuating an algorithm that recommends even more,” he continued—describing scenarios that Facebook’s business practices have been directly accused of contributing to.

“It is long overdue to stop pretending that this approach does not come with a cost. Of polarization. Of lost trust. And—yes—of violence. A social dilemma cannot be allowed to become a social catastrophe,” he added, re-imagining the premise of “The Social Network.”

Apple has a strategic reason to appeal to a European audience of data protection specialists to bolster its legal position against adtech opponents of its ATT, as EU regulators possess the authority to issue enforcement decisions that would support its approach. Although they have been hesitant to do so thus far.

Facebook’s primary data protection supervisor in Europe, Ireland’s Data Protection Commission (DPC), has a backlog of investigations into various aspects of its operations—including its use of so-called “forced consent” (as users are not given a genuine choice regarding being tracked for ad targeting if they wish to use its services).

This lack of choice sharply contrasts with the change Apple is implementing on its App Store, where all entities will be required to ask users if they consent to being tracked. Therefore, Apple’s move aligns with the principles of European data protection law (which, for example, requires that consent for processing personal data be freely given to be legally valid).

Conversely, Facebook’s continued refusal to offer users a choice directly conflicts with EU law and carries the risk of GDPR enforcement. (The type of enforcement Cook was advocating in his speech.)

2021 appears to be a pivotal year on this front. A long-running DPC investigation into the transparency of data-sharing between WhatsApp and Facebook is expected to result in enforcement action this year—after Ireland submitted a draft decision to other EU data protection agencies late last year.

Last week, Politico reported that WhatsApp could face a fine of between €30 million and €50 million in this single case. More importantly for the company—which paid a $5 billion fine to the FTC in 2019 to settle privacy-related charges (but was not required to make any substantial changes to its advertising business)—WhatsApp could be ordered to alter how it handles user data.

A regulatory order to cease processing certain types of user data—or to mandate obtaining user consent before doing so—could have a significant impact on Facebook’s business empire.

The technology giant is also awaiting a final verdict later this year on whether it can continue to legally transfer European users’ data outside of the bloc.

If Facebook is ordered to suspend such data transfers, it would cause substantial disruption to a significant portion of its business (in 2019, it reported 286 million daily active users in the region in Q1).

In summary, the regulatory landscape surrounding Facebook’s business is undoubtedly “evolving.”

The data-industrial complex’s response to the impending privacy enforcement at Apple’s platform level involves dedicating legal resources to argue that such measures are anti-competitive. However, EU lawmakers appear aware of this self-serving attempt to use “antitrust” as a means to obstruct privacy enforcement.

(And it is noteworthy that Cook referred to privacy “innovation” in the speech. Including this question: “Will the future belong to the innovations that make our lives better, more fulfilling, and more human?”—which is essentially the central question in the privacy versus competition regulation “debate.”)

Last month, Margrethe Vestager, Commission Executive Vice President and competition chief, told the OECD Global Competition Forum that antitrust enforcers should be “vigilant so that privacy is not used as a shield against competition.” However, her remarks also contained a warning for the data-industrial complex—as she expressed support for a “superprofiling” case against Facebook in Germany.

That case (which is still being litigated by the German FCO) combines privacy and competition in novel ways. If the regulator succeeds, it could lead to a structural separation of Facebook’s social empire at the data level—a regulatory equivalent of moving quickly and disrupting the status quo.

Therefore, it is significant that Vestager described this regulatory innovation as “inspiring and interesting”—a more positive endorsement than condemnation from Europe’s digital policy and competition chief.