A month after its most recent iPhone and Mac launches, Apple has refreshed its privacy pages.
There isn’t much that’s changed: those pages still espouse Apple’s long-held commitment to privacy being a “fundamental human right” and that your information is, for the most part, kept on your iPhones, iPads and Macs.
Apple’s iOS 12 was loaded with useful security upgrades and patches for software vulnerabilities (though, granted, not one lock-screen bypass, but two have already been discovered).
As expected, the updated pages cover the new security and privacy features in iOS 12 and macOS Mojave, including new information about end-to-end encrypted group FaceTime video calls and improvements to intelligence tracking protections, as well as how Apple uses differential privacy to understand which are the most popular features, without being able to identify individual users.
But there is, actually, something new on those pages: Apple’s now allowing US customers to download all the data it holds on them through a new privacy portal.
Besides giving users the ability to download their data, it also enables them to request corrections if they spot errors.
US users got that ability on Wednesday, along with customers in Canada, Australia and New Zealand. European users have already had it for months: they got the data-download tool to coincide with the EU’s sweeping new data laws, known as the General Data Protection Regulation (GDPR).
GDPR can claim credit for elbowing quite a few tech giants into opening up data access. Besides Apple, Instagram was spurred into building a tool to let users download everything they’ve ever shared, thanks to what was then the impending regulation. The regulation requires that individuals be able to demand deletion of data, to opt out of future data collection, to view what personal data a company holds, and to download that data in a format that they can move to competitors.
Of course, Instagram’s parent company, Facebook, already had a Download Your Data tool. Mind you, just having such a feature doesn’t mean users can actually get all their data, as at least one technology policy researcher found out when Facebook told him that no, it’s too tough to find all your information in our ginormous warehouse.
I requested my iCloud data, including whatever of my photos that Apple has backed up. Apple told me it would take 7 days to get it all to me. That’s not too surprising, given that we’re probably talking years’ worth of photos.
Contrast that with the experience of TechCrunch’s Zack Whittaker: when he asked for his data, Apple only had a few megabytes worth of spreadsheets, including his order and purchase histories, plus marketing information. Whittaker takes that as a good sign: it shows that Apple doesn’t store much of our data to begin with, hence has less to fork over when you ask.
Collect a little, hold it for only a short time, and delete it when you’re done: not a bad approach to data handling… And one that keeps your head from spinning off your shoulders when users actually request all that data in those ginormous data warehouses, eh, Facebook?
If you’re considering downloading your data, please take a moment to enable two-factor authentication on your Apple ID too, because you’re not the only one interested in digging around in your iCloud.
Matt Parkes
WHile this is all very good stuff and puts more control into the hands of customers and also reduces the workload for some employee to collate and hand over the data through a manual process, what about where such a company has shared customer data with third parties. I can’t imagine that all third parties will have the same automated processes for doing the same based on an automated request. When my organisation gets a deletion request for example, we have to forward internal requests to marketing, operations and IT and then also to a number of third parties who provide functionality to us and our customers.
Lisa Vaas
Have people successfully downloaded their data? I keep getting “internal server error” when I try. I can’t imagine Apple left this up to its steam-powered, hamster-driven servers, but sheesh…