Member-only story
Apple and Google Are Drawing the Line on App Privacy
Here’s what developers need to know about plans to reshape app store standards and put user trust first

“Technology does not need vast troves of personal data, stitched together across dozens of websites and apps, in order to succeed. Advertising existed and thrived for decades without it. If a business is built on misleading users, on data exploitation, on choices that are no choices at all, then it does not deserve our praise. It deserves reform.” — Apple CEO, Tim Cook, Computers, Privacy and Data Protection conference, January 2021
The state of global privacy laws
Global privacy legislation is undoubtedly on the rise. In the past decade, more than 60 countries passed new privacy laws. Brazil, Japan, South Korea, Switzerland, New Zealand, India, and South Africa have passed GDPR-like regulations since GDPR became law in Europe, in May 2018. Even China recently introduced new sweeping privacy laws.
These developments are partly fuelled by governments and regulators recognising that consumer rights and human rights are at risk in the age of surveillance capitalism and, in some cases (like China), by national security concerns. But not all countries have settled on what the future of privacy laws will look like. And complex issues are yet to be resolved in the US, Australia, and the UK.
In the US, privacy laws are a patchwork of different sectoral rules. After the California Consumer Privacy Act (CCPA) passed in 2018, multiple states proposed similar legislation to protect consumers in their states. But the debate over the shape of the U.S. Federal privacy law continues.
In Australia, privacy laws are about to undergo a substantial reform for the first time in three decades, likely to become law in 2022. Meanwhile, major public and private media organisations and industry groups are leading the push against proposals that would allow Australian citizens to sue and be compensated for privacy breaches. Australian telecoms argue that Australian privacy laws (which were enacted in the ‘80s, prior to the internet age) are “working well” and that Australians don’t need a GDPR-equivalent right to have their data deleted. Other…