Apple and Google’s Passive Approach to Privacy Issues

Privacy concerns associated with Google and Apple’s smartphone locational services made headlines for a brief couple of days last week as the U.S. Judiciary Subcommittee on Privacy subpoenaed the two companies for questioning. Research by O’Reilly Radar found that Apple is collecting location data that is unencrypted and unprotected and storing it in a hidden file on the iPhone. In response, Apple’s spokesperson said, “Apple does not track users’ locations…Apple has never done so and has no plans to ever do so”. Later though, the Apple spokesperson said that Apple “may collect, use and share precise location data”. When asked by subcommittee chair Senator Franken whether Apple’s and Google’s locational data are traceable and thus not anonymous, an independent researcher said that both were possible. Both Apple and Google scrambled to respond to a scolding by the US government.

Locational services have been a recent and highly instrumental service for customers using GPS and looking for nearby businesses. They have also been useful for companies aiming to conduct target advertising based on locational information of customers. It is this latter service that has sparked some debate on whether locational services may have some important drawbacks when we consider how much companies would be willing to pay for data breach disclosure. According to ABI Research, the market for location-based services is expected to increase to $4.7 billion by 2015 from $1.6 billion in 2010.Advertisers would be particularly interested in using locational data to develop consumer profiles to which they can target specific advertising. Those companies developing “apps” for the smartphones are motivated to give the apps away for very little so that they can collect and sell personal information on users to advertisers.

Is there anything wrong with this? On the one hand, some may argue that this targeted advertising allows consumers to avoid those messages that don’t appeal to them. Single people wouldn’t be exposed to baby and children advertisements and teenagers wouldn’t be bothered by advertisements targeted to their parents. But another argument is that consumers may slowly detach from reality as they become locked into their own bubbles in an ever-increasing digital world exposed to specific information that is based on their individual behaviour. Some may recall the film Minority Report where advertisements are automatically allocated to particular consumers through the reading of their eye-balls, the content of which is likely based on years of individual activity, behaviours, and routines. On the one hand, the fear is that we would be stuck in a perceptual loop, unable to challenge ourselves to think differently. On the other hand, consumers would be exposed to certain messages that benefit corporate interests rather than their own. Given that society is highly influenced by advertising, wouldn’t it be in the best interests of these advertisers to use the captive audience to tell them what to buy and what to do? Conspiracy theory? I don’t think so. This is merely a systemic outcome of a technology used by an actor (i.e. business) whose primary and often exclusive accountability is to shareholders. If you were in their position with data that allowed you to very effectively influence the purchase decisions of consumers, wouldn’t you be interested in doing so considering that you’re being evaluated on the amount of shareholder wealth you’re creating?

During the supposed “scolding”, Apple and Google were asked whether they felt it was their responsibility to control or at least influence the actions of app developers. Using an analogy, Apple spokesperson said, ”We don’t go after trucking companies because they happen to handle damaged goods…we go after the manufacturers.” This is no different than Nike in the 1990s denying responsibility for the horrific labour conditions of their suppliers in Asia.These manufacturers of Nike products are independent companies outside the control and supposed responsibility of Nike, explained Phil Knight and several other Nike VPs.Given that app developers are not under Apple and Google’s control, they appear to be saying the same thing, this time for the digital supply chain. We all know the lessons Nike learned.

A major difference between what is happening now and what is happening to Nike is that the affected stakeholder is the Western consumer not the developing country worker.Because of that, government is eager to get involved. But as it stands now, “there is no comprehensive federal regulation that enforces data breach disclosure.” Consider this gap in regulation against the philosophy among tech companies that “all data is good”. Jason Weinstein, deputy assistant attorney general at the Department of Justice is bang on when he said that the proliferation of handheld devices is a breeding ground for data theft.

Whose responsibility is it then to deal with this? Is it the market to demand privacy protection? Jessica Rich, deputy director of the Bureau of Consumer Protection at the Federal Trade Commission, said the FTC believes“consumers have no idea about the layers of sharing [data] that goes on behind the scenes.” Relying on government to build regulation as a response is time consuming and is highly dependent on the identification of the issue, which, in this case, happened somewhat by chance. What happens for those issues that are left unidentified or for those issues that are identified but take months, sometimes years, to be addressed? What happens until then?

As I regularly explain to my business students, managers need to make a decision about whether they will act passively in response to consumer demands and government regulation, or whether they will incorporate ethical criteria in their decisions proactively. Clearly, Google and Apple are blinded by the economic opportunities associated with locational services and do not have the mental models to consider non-economic factors such as breach of privacy until they demonstrate a direct and observable impact on their bottom line, which is essentially what happened last week. Will companies ever learn by being proactive or will they consistently go through the very reactive exercise of figuring out through negative media exposure what other social and ecological issues are inextricably tied to financial performance?