Apple brings EU data privacy features to U.S., tightens app and web privacy rules

Spurred by the European Union’s heightened data privacy requirements under the General Data Protection Regulation, Apple debuted more conspicuous privacy notifications in March, and in May rolled out a Data and Privacy section of its website that enables European users to automatically access and delete collected personal data. Apple promised to roll the feature out worldwide “in the coming months,” and that’s closer to becoming a reality today, as U.S. Apple ID users will begin to gain access here.

Apple’s Data and Privacy mini site has different functionality depending on the user’s location, but the general purpose is to automate user access to personal data Apple has on its servers — and the options to cleanse that data and/or users’ accounts. In fully supported countries, it provides the following four automated options:
-Get a copy of your data: Users choose which data files stored by Apple they would like to download and receive download links within seven or fewer days.
-Correct your data: Users can request corrections to any personal information stored by Apple.
-Deactivate your account: Users can restrict access to their data without deleting their accounts, temporarily giving up access to both their accounts and Apple services.
-Delete your account: Users can permanently remove their accounts and data from Apple’s servers.
In other countries, the automated page provides only the options to request a correction of Apple’s data or to delete the account and data from Apple’s services. Until today, users in the U.S. and most other countries outside the European Union saw only the “Correct” and “Delete” options. MacRumors reports that users in Canada, Australia, and New Zealand will also gain access to the additional features; Apple’s timeline for the rest of the “worldwide” rollout remains unclear.

Apple also updated and tightened the rules on its privacy page today, generally to acknowledge the introduction of new iOS 12 features, such as Screen Time, Siri Shortcuts, and RapidSOS — the latter a feature that automatically passes iPhone location data to emergency responders. Unsurprisingly, the privacy page now notes that the new Siri Shortcuts are covered by Siri’s privacy rules and that Apple deletes RapidSOS location data after 24 hours, amongst other small details.

App and website developers should take notice, though. Apple is now officially requiring every third-party app to have a privacy policy, after having suggested as much at the end of August. The company has also enhanced Safari’s Intelligent Tracking Prevention feature, noting that third-party tracking sites must get explicit consent before creating cookies or storing data. These steps come after Apple clamped down earlier this year on apps that share their users’ location data without consent.

Despite highly publicized controversies over arguably anti-consumer device performance and battery issues, Apple has spent a considerable amount of time this year pushing for broad and clear user privacy rights. In response to government inquiries, the company has called for strong federal-level user privacy standards in the United States, taking pains to underscore its distaste for the opaque user information gathering and selling practices favored by some rivals.

Leave a Comment

Your email address will not be published. Required fields are marked *