Do you trust companies like Facebook to accurately and completely tell you how, and to what extent, their apps monitor and track you both on your phone and across the entire internet? The question is not a rhetorical one, as Apple’s latest privacy push relies on the answer to that question being “yes.”
Most privacy policies are an unintelligible mess. This problem, thoroughly documented by the New York Times Privacy Project in 2019, is only compounded when people are forced to read the sprawling documents on their smartphones — squinting the entire time they scroll. Apple unveiled a new feature on Monday for the forthcoming iOS 14 intended to address this problem. The proposed solution is labels, similar to nutrition labels seen on the side of food packaging, that quickly and clearly tell users how an app uses their data.
At face value, this idea sounds great. According to slides shared at WWDC, app labels would list out, in plain language, what data is linked to you and what data is used to track you. There’s just one glaring problem: All the information in the label is self-reported by the companies and developers behind the apps.
Katie Skinner, Apple’s manager of user privacy software, explained the company’s approach to the privacy labels during the WWDC presentation.
“We’ll show you what they tell us,” she noted. “You can see if the developer is collecting a little bit of data on you, or a lot of data, or if they’re sharing data with other companies to track you, and much more.”
Erik Neuenschwander, Apple’s director of user privacy, detailed how this differs from Apple’s current practices and how the company’s plan was inspired by the humble nutrition label (this all begins around 58:22 in the above embedded video if you want to watch along).
This raises a lot of questions. For starters, how will Apple ensure that the self-reported data is accurate? If a company misrepresents the data it collects on app users, or omits key tracking practices on the privacy label, will Apple hold that company accountable? If so, how? And by when will Apple require all apps in the App Store to have such a privacy label?
We reached out to multiple specific people at Apple, in addition to the general media contact with a host of questions, but received no response from the company.
As things currently stand, Apple reserves the right to boot developers and their apps from the App Store for things like “[sharing] user data without user consent.” It’s unclear if Apple would take a similar step against, say, Facebook, for failing to list specific data-collection practices on its iOS app’s privacy label.
To be clear, the goal of making privacy policies more digestible is a laudable one, and Apple should be cheered for this first step — but it is only a first step.
Because, as things stand, the entire privacy-label proposition depends on companies being honest and forthright about what they do with users’ data — something history has shown to be a dicey proposition.
Perhaps in the future, Apple will go further than relying on app developers to accurately and clearly fill out the new app privacy label. But hey, until then, it’s a start.