Last week, it emerged that Apple was being sued by two groups of iPhone and iPad users for leaking data that could identify users. Given Apple’s strict control over applications and the hurdles that developers have to jump through in order to get onto the iTunes Store, this may well have come as a shock for a lot of people.
At the heart of this lawsuit is the amount of personal data that applications require before you can use them. This is nothing new. Try signing up to many websites, even if you are not buying anything from them, and they want your full name, address, date of birth, sex and a host of other data before they will allow you to access any content or buy something.
Contrast this with going out to shop in good old fashioned shops. You know what I mean, the one’s where you interact with people in the flesh, so to speak. Here you wander in, peruse the merchandise at length and if you want to buy you take it to the till and hand over cash or credit/debit card. Unless you are buying alcohol or tobacco and look very young for your age, nobody asks to see your date of birth, proof of address, your mother’s maiden name, etc.
Of course, there is a caveat to this. Go to the online site of many large department stores and they suddenly do want all this data. It appears that your virtual persona is nothing without personal data.
For software developers, especially those engaged in web and mobile applications, gathering this information is very important to them. They want to know who their audience is and whether they are really getting to the people they want. There is nothing wrong with this but the amount of information that they gather often goes much deeper than this.
For websites, this personal information is often critical for advertisers. Just as a magazine regularly asks users for information so that it can tell the ratings agencies and its advertisers about it customers, websites need to do the same. Without this data, it is hard to get advertisers to spend money with you. As a result, websites can say that they have a genuine need for some data but certainly not all the data they gather.
Another reason for websites to gather data is to be able to identify returning customers. Stickiness is a very important concept in website management and cookies are used for exactly this purpose. However, many websites then deliver you a whole host of cookies from not just their advertisers but from advertising tracking companies who use them to build up a sales profile of you. Even when you “opt out” from the data sharing that is identified in privacy policies on well managed sites, you are still flooded by these tracking cookies.
Mobile application developers, however, have less of a case. Yes, some will ship you a free or very cheap version of their software supported by advertising. Here they need something in order to get advertisers to spend money with them. They also want to reduce the amount of piracy of their products. But when an application has no advertising, why does the software house need so much personal data?
To put it simply – they don’t! What has happened is that application designers and the corporate marketing teams are obsessed by the need for customers personal data. This means that developers are required to gather that information as part of their application design.
So back to Apple. It’s terms and conditions for developers are that applications can only collect and share the minimum amount of data required to work. It now appears than many applications are failing to honour that commitment so the onus is now on Apple to show how it intends to enforce this.
The easiest solution is to force application vendors to provide customers with a list of what data they are collecting and let customers agree or disagree to that collection. This could be done when you first purchase an application and be backed up by Apple doing its own random audits of applications.
In the same way that Apple has already changed the way applications, music, video and other content is delivered, it now has an opportunity to help its customers defend their privacy and set a new bar for the industry. Apple is not the only company that is threatened in this lawsuit but it is the only company that can enforce its own terms and conditions and thus, once again, set a new bar for the industry