News Insights: Tim Cook Argues for Federal Data Privacy Law

As reported in TechCrunch today,  in his keynote speech at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC),  Apple CEO Tim Cook argued that the trade in digital data has created the “data industrial complex.”

Security industry experts offer insights into Cook’s remarks:

Colin Bastable, CEO of Lucy Security:

“Like the auto and tobacco industries years ago, the social media conglomerates are a consumer safety issue. They used to say “what is good for GM is good for America.” Now Silicon Valley claims to be the arbiter of all that is good for us, but we know how that ends – badly. Social media cyber-insecurity is the “Unsafe at Any Speed” issue of our times.

Tim Cook takes a break from virtue signaling to throw rocks at Google and Facebook, because he wants to position himself and Apple as the good guys whilst the others are vulnerable. His message is right, but Apple is also part of the problem. These players hold massive quantities of data, and we should never assume that they will ever have our best interests at heart. But even if they do offer massive convenience and free services out of the goodness of their hearts , we must assume that the bad guys want that data and will succeed in getting it.

Either way, consumers are being screwed over by the actions of the Silicon Valley giants, and they need to be taught how to protect themselves at work and at play. Government can’t do this – businesses need to protect themselves by teaching their staff how to be safe online.

Tim Berners-Lee’s new venture Solid is a step in the right direction, seeking to return control over data to the consumer, but when the head of a trillion-dollar company stakes a claim to the moral high ground, we should take it with a pinch of salt. And hang onto our data as well as our wallets.”


Paul Bischoff, privacy advocate with

“Tim Cook’s comments echo what many privacy advocates have been saying for a long time, and we’re already starting to see progress in the US along those lines, such as California’s Consumer Privacy Act. And though I agree with him in most respects, I think it’s important to put his words into context. Apple can ride a moral high horse when it comes to privacy because it does not primarily depend upon targeted advertising and the collection and sharing of personal data to make money. Most of its competitors do, namely Google. Advocating for privacy laws is a practical way for Apple to indirectly lobby against Google.

I think we’d all like to see a world in which our personal details weren’t treated as currency by corporations. But we also want affordable devices. Targeted advertising helps subsidize cheap Android smartphones, which improves internet penetration among many people in the world who can’t afford iPhones. That includes many developing nations where many people access the World Wide Web for the first time via budget Android smartphones. To take budget devices out of the market because they don’t align with Cook’s vision of privacy law seems cruel to me.

The law should strike a balance between these two business models and remain skeptical of both sides’ profit motives.”


Pravin Kothari, CEO of security vendor CipherCloud (San Jose, CA):

“Tim Cook squared off strongly against the silicon valley ‘data industrial complex’ by showing strong solidarity with the new European Community General Data Protection Regulation (GDPR) and support for the creation of a similar data privacy law in the United States. Regulatory initiatives such as GDPR, U.S. Senate bill S.2289, California Consumer Privacy 2020 require many additional capabilities for data and threat protection both on-premise and in the cloud.

Of course, the devil remains in the details. As the data privacy regulations evolve, the enterprise must continue to move assertively to implement basic cybersecurity protections such as end-to-end data encryption, two-factor authentication, network segmentation, and much more.”