Tim Cook Says U.S. Hasn’t Gotten Privacy Right, But Has Apple?

Apple chief executive Tim Cook recently expressed his opinions about the privacy of consumer data, noting — to the approval of many consumers — that the United States government isn’t handling Americans’ privacy correctly. But putting aside Cook’s personal values and intentions, it’s still worth asking: is Apple handling users’ information correctly?

Cook said in a TV interview broadcast Monday that the U.S. government hasn’t gotten its privacy policies right. In the second part of an interview with CBS’ Charlie Rose, Cook said that, “I think it’s a tough balance. And I don’t think that the country or the government’s found the right balance. I think they erred too much on the collect-everything side.”

At the same time, Cook positioned Apple as a company that’s taking the right approach to consumer privacy. He said that because Apple collects a comparatively small amount of information from its customers, it has received a proportionately small number of government requests, receiving somewhere between zero and 250 requests in the last six-month period — the smallest range that a company can disclose, with reporting the exact number prohibited. Cook also contrasted Apple’s handling of consumer data with that of some of its Silicon Valley neighbors, some of which have built business models reliant on customers’ data.

“Our business is not based on having information about you. You’re not our product. Our products are these, and this watch, and Macs, and so forth. And so we run a very different company. I think everyone has to ask: how do companies make their money? Follow the money. And if they’re making money mainly by collecting gobs of personal data, I think you have a right to be worried.”

While Re/Code’s Ina Fried notes that Apple collects some customer information, but doesn’t directly rely on it for the bulk of the company’s revenue — which is, after all, made by selling products, not advertising — Apple does collect massive amounts of user information. Apple’s Privacy Policy lists “some examples” of the types of personal information that the company can collect and use.

When you create an Apple ID, purchase or register Apple products, download software updates, register for a class at an Apple store, contact Apple, or participate in an online survey, Apple says that it may collect information including your name, mailing address, phone number, email address, contact preferences, and credit card information. If you share content with family or friends using an Apple product, send gift certificates or products, or invite others to Apple forums, Apple can also collect information on those people, including their name, mailing address, email address, and phone number. In limited situations in the U.S., the company may even ask for your Social Security number, such as when you’re activating your iPhone.

The Privacy Policy notes that Apple can use your personal information for a variety of different purposes, not limited to keeping you updated on product announcements, software updates, and events. Your personal information can also be used to help Apple “create, develop, operate, deliver, and improve our products, services, content and advertising,” as well as for loss prevention and anti-fraud purposes. Your information can also be used to send you information about your purchases and changes to Apple’s terms, conditions, and policies, and for “internal purposes” like auditing, data analysis, and research.

Even beyond the information collection detailed in the Privacy Policy, consumers should be aware that other Apple businesses — both ones that are well-established and others that were just unveiled in Cupertino — come with their own privacy concerns. With the iAd mobile advertising platform, Apple sells ads that appear on the iPhone, iPod Touch, and iPad. The iAd targeting tools rely on “a foundation of registration and media consumption data,” connected with each device’s non-permanent Advertising Identifier, which lets advertisers target ads to you in iTunes Radio or in “thousands of apps.”

Few consumers need reminding of the recent iCloud breach that left celebrities’ photos exposed and spreading rapidly across the Internet. While Apple didn’t find a widespread vulnerability in its platform, the company’s ability to safeguard users’ information has been openly questioned since news of the leak broke. While Cook explains that iCloud itself wasn’t hacked, and hackers only gained access to targeted accounts, the platform has come under scrutiny for the lack of default two-factor authentication and the inability to encrypt the files include din iCloud backups.

Apple Watch, the company’s “most personal device yet,” comes with its own privacy concerns, which are currently under scrutiny by Connecticut’s attorney general. An important piece of the Apple Watch ecosystem is the device’s integration with the new Health app, powered by the HealthKit framework. While Apple has prohibited developers of health apps from storing users’ data in iCloud, it hasn’t made it entirely clear how or if it will require apps to protect users’ sensitive health data, or how it will handle the fact that many health apps are likely to come under regulation by the Health Insurance Portability and Accountability Act (HIPAA). That could be a positive development and a better form of assurance for consumers who will otherwise simply need to trust developers’ good intentions with their apps’ usage and protection of data.

With Apple Pay, the company’s new contactless payments system, which would see users waving their iPhone instead of swiping a credit or debit card, The Hill reports that Apple may be subject to regulation by the Consumer Financial Protection Bureau. A spokesperson explained that, “Rules that apply to plastic card payments also apply to payments with a phone.” While Cook has said that Apple won’t collect information such as what you purchase or how much you spend, or even store your credit card number on your iPhone, exactly how it will handle consumers’ privacy is uncertain. The Federal Trade Commission has also raised concerns about the security and privacy of consumers’ data, especially given the ability of a smartphone to know your location at all times, and Apple will need to demonstrate that it can secure users’ data against both breaches and hacks.

All this is to make a simple point: while Cook may be in a unique position to appeal to consumers as a down-to-earth leader of one of the world’s top companies, Apple is hardly set apart from other tech and web companies that rely on the collection of consumer data. The point isn’t to level accusations at Apple or Cook, but to make sure that you’re aware of how companies handle your privacy, and how you handle your privacy. You should always be aware of what information you’re sharing with an app, a website, or a company. While that data is the cost of using the product, it’s always wise to find out how high of a price it really is to make an informed decision, because paying it blindly is never worth it.

More From Tech Cheat Sheet: