Privacy concerns associated with Google and Apple’s smartphone locational services made headlines for a brief couple of days last week as the U.S. Judiciary Subcommittee on Privacy subpoenaed the two companies for questioning. Research by O’Reilly Radar found that Apple is collecting location data that is unencrypted and unprotected and storing it in a hidden file on the iPhone. In response, Apple’s spokesperson said, “Apple does not track users’ locations…Apple has never done so and has no plans to ever do so”. Later though, the Apple spokesperson said that Apple “may collect, use and share precise location data”. When asked by subcommittee chair Senator Franken whether Apple’s and Google’s locational data are traceable and thus not anonymous, an independent researcher said that both were possible. Both Apple and Google scrambled to respond to a scolding by the US government.
Locational services have been a recent and highly instrumental service for customers using GPS and looking for nearby businesses. They have also been useful for companies aiming to conduct target advertising based on locational information of customers. It is this latter service that has sparked some debate on whether locational services may have some important drawbacks when we consider how much companies would be willing to pay for data breach disclosure. According to ABI Research, the market for location-based services is expected to increase to $4.7 billion by 2015 from $1.6 billion in 2010.Advertisers would be particularly interested in using locational data to develop consumer profiles to which they can target specific advertising. Those companies developing “apps” for the smartphones are motivated to give the apps away for very little so that they can collect and sell personal information on users to advertisers.
During the supposed “scolding”, Apple and Google were asked whether they felt it was their responsibility to control or at least influence the actions of app developers. Using an analogy, Apple spokesperson said, ”We don’t go after trucking companies because they happen to handle damaged goods…we go after the manufacturers.” This is no different than Nike in the 1990s denying responsibility for the horrific labour conditions of their suppliers in Asia.These manufacturers of Nike products are independent companies outside the control and supposed responsibility of Nike, explained Phil Knight and several other Nike VPs.Given that app developers are not under Apple and Google’s control, they appear to be saying the same thing, this time for the digital supply chain. We all know the lessons Nike learned.
A major difference between what is happening now and what is happening to Nike is that the affected stakeholder is the Western consumer not the developing country worker.Because of that, government is eager to get involved. But as it stands now, “there is no comprehensive federal regulation that enforces data breach disclosure.” Consider this gap in regulation against the philosophy among tech companies that “all data is good”. Jason Weinstein, deputy assistant attorney general at the Department of Justice is bang on when he said that the proliferation of handheld devices is a breeding ground for data theft.
Whose responsibility is it then to deal with this? Is it the market to demand privacy protection? Jessica Rich, deputy director of the Bureau of Consumer Protection at the Federal Trade Commission, said the FTC believes“consumers have no idea about the layers of sharing [data] that goes on behind the scenes.” Relying on government to build regulation as a response is time consuming and is highly dependent on the identification of the issue, which, in this case, happened somewhat by chance. What happens for those issues that are left unidentified or for those issues that are identified but take months, sometimes years, to be addressed? What happens until then?
As I regularly explain to my business students, managers need to make a decision about whether they will act passively in response to consumer demands and government regulation, or whether they will incorporate ethical criteria in their decisions proactively. Clearly, Google and Apple are blinded by the economic opportunities associated with locational services and do not have the mental models to consider non-economic factors such as breach of privacy until they demonstrate a direct and observable impact on their bottom line, which is essentially what happened last week. Will companies ever learn by being proactive or will they consistently go through the very reactive exercise of figuring out through negative media exposure what other social and ecological issues are inextricably tied to financial performance?