The CEO of Apple, Tim Cook, made the headlines with his recent interview in which he called regulation of tech companies “inevitable”, and concluded that the free market has failed to deliver. His prediction is likely to be accurate, as policymakers increasingly see cases for intervention with regard to data protection and disinformation. Tech giants now need to move toward a more detailed and coherent stance around regulation; a generic call for pro-business regulation will not suffice, and companies’ need to match their words with action in order for them to retain trust with all stakeholders.

Regulation now looks more likely than ever, even in the US

Apple’s CEO, Tim Cook, made the headlines with his recent interview, in which he defines regulation for large tech companies as inevitable. Unsurprisingly, he clarified he is not a “big fan” of regulation in general, but businesses should accept that there are cases where the free market does not deliver the desired outcomes. “I think the congress and the administration at some point will pass something”, said Cook. This sentence sums up the current state of regulation for tech: everybody knows it is coming, but it is still difficult to map out what it will look like.

There is increasing evidence that policymakers are keen to make amends for the shortcomings of the market. Europe has so far led the way, with the passing of its General Data Protection Regulation (GDPR) which is quickly setting the standard for data protection laws all over the world. As Assembly’s Privacy and Data Protection Tracker shows, countries such as Japan and Korea have adopted new data protection frameworks closely resembling GDPR; the EU Regulation has also strongly influenced the ongoing discussion in India, and the recent law passed in Brazil, among other countries.

In the US, the historical hands-off approach is no longer seen as an undisputed mantra. Recent scandals have prompted representatives of Congress and Senate to launch enquiries and consider action, which is now evolving in a meaningful effort to set out a federal privacy framework for the first time. Individual states are also contributing to pressure piling up, as many of them either have passed, or are in the process of approving, privacy frameworks; California is the most obvious example here, with a set of rules very close to GDPR. Ashkan Soltani, former Chief Technologist of the Federal Trade Commission (FTC), predicted that the privacy framework will be passed by the next congress; it will preempt state-level legislation, and is likely to be lighter-touch compared to GDPR. In the meantime, the FTC is engaging in extensive consultations on how to adapt its way of operating to the challenges of the digital age.

Apple is using privacy as a marketing differentiator, but will have to stay coherent to its message

Cook’s recent statements did not come as a surprise. The CEO has repeatedly criticised Google and Facebook for not doing enough to protect user’s privacy, and argued there should not be a choice between privacy and profits, or privacy and innovation. The company openly backs the efforts to create a federal privacy framework in the US, as shown by the hearings of the Commerce Committee in the US Senate.

In other words, Apple is aiming to differentiate itself from the other tech giants in the area of privacy. As it openly rejects the business models on which Google and Facebook have built their fortune, which is heavily reliant on large-scale data collection, the company positions itself as ‘the good guy’ in the market. The company will now have to be mindful of the implications of this choice, which will appeal to the most privacy-savvy customers. On the one hand, Apple will now have to make sure it sticks to its promise, and continues on a course of action in line with the narrative set out by Cook; having been so critical of its rivals, the company cannot afford making any mistake on the privacy front in the future. Apple’s market presence is significantly stronger in developed markets than it is in the emerging ones, where the company is having a harder time in marketing its comparatively expensive devices. If the company does not become more successful in those countries, its privacy pledge will be limited to those who can pay for it, while users in those regions continue to rely on cheaper smartphones to get online.

Tech companies need to bridge the gap between what they say and what they do

If Apple’s message has its contradictions, Facebook and Google are not in a much better place. Both of them are open to regulation – which is an almost inevitable stance at this stage, seeing as regulators all over the world have seen a strong case to intervene building up during 2018.

Mark Zuckerberg himself has admitted his company needs to be regulated, but has stopped short of engaging in the detail of how. And other company representatives have not been much clearer: in the recent hearing of the International Grand Committee, hosted by the UK parliament on 27 November 2018, Facebook’s Vice President for Policy Solutions agreed on the need for regulation, but also reminded that Facebook’s business model inevitably relies on driving and maximising engagement. Between the lines, the message means that the company aims to ensure regulation does not undermine its current business model. Facebook also supports the idea of a federal privacy framework in the US, mainly because it would provide consistency: a company representative told Assembly that it would be “better than a state-by-state patchwork”.

Google has not done much better in positioning itself. When the company pointed out that GDPR compliance has costs quantifiable in “hundreds of years” of human labour, US senators noted that “the sky has not fallen” as a result of GDPR coming into force in Europe. And the company’s recent attempt to start operations in China has not done its reputation any favour, given the concerns related to censorship, security, and privacy on the table. Even Google’s own employees have had reservations on the plan, which has been seen to clash with the firm’s “do-no-evil” mantra.