The Price of Privacy: New Laws’ Impacts on Apple, Facebook, and the Bottom Line

Written by Elisabeth Dannan


Over the past decade, Silicon Valley moguls Apple and Facebook have developed a codependent relationship working towards a mutual advantage. Apple needs Facebook’s popular apps to market its phones, tablets, and computers; Facebook needs Apple’s platforms to boost its apps’ reach into the global marketplace.

Despite the tech giants’ ongoing use of eachother’s products however, the two companies have fundamentally different marketing philosophies. On one hand, Apple directly markets products to customers, who pay up-front for iPhones, devices, and proprietary apps. Conversely, Facebook’s marketing strategy is indirect; it provides free services to end-users while relying on businesses to pay Facebook to advertise their products. Facebook attracts its strong advertising market through its invasive but effective data-collection tactics. By tracking app user habits, locations, and information, Facebook precisely targets advertisements, matching products to consumers in real time and giving businesses advertising on Facebook an edge over competitors.

Tensions between Apple’s and Facebook’s marketing approaches appeared in 2018 when Cambridge Analytica’s data breach revealed the extent of consumer information Facebook accessed and sold, and have since grown. Facebook’s image, if not market, has suffered from increased awareness of its data-tracking, and Apple has taken pains to distinguish its practices, criticizing Facebook’s data-collection policies and distancing itself from Facebook’s publicity woes. Most recently, Apple has announced plans for an iPhone update requiring apps to obtain users’ consent before tracking them for commercial purposes. In response Facebook has challenged Apple’s motives, characterizing Apple’s market strategy as catering to wealthy customers and promoting expanded use of its proprietary apps, even suggesting it may sue Apple for antitrust. Conversely, Facebook has showcased itself as championing small businesses, whose success is linked to Facebook’s data-vacuuming and target-advertising.

So whose approach will dominate–Apple’s or Facebook’s? And more practically, who will foot the bill–small businesses and users who pay more for services if Apple wins, as Facebook claims, or the public, powerless to stop their data’s collection and use if Facebook prevails, as Apple contends? To answer these questions it’s instructive to note the developing field of privacy law, both international and domestic.

Privacy laws

Europe has taken the global lead in Privacy Law with its 2018 General Data Protection Regulation (GDPR). GDPR is the world’s most comprehensive data privacy legislation to date, protecting a broad range of user-identifying information. GDPR gives EU citizens rights including access, transfer, objection to, and erasure of personal data from systems. Importantly, GDPR places the burden on companies to gain users’ consent to collect data rather than requiring users to disallow use, and heavily penalizes any company doing business with European citizens who doesn’t comply.

Although the U.S. has no federal complement to GDPR, both California and New York recently passed privacy laws that will likely impact domestic policy as a whole, since both restrict data use by companies anywhere doing business with their residents. In January 2020, California passed the California Consumer Protection Act (CCPA), which like GDPR gives Californians enforceable rights regarding use of their data and imposes fines for noncompliance. Unlike GDPR however, CCPA places the burden on consumers to disallow use of their data rather than requiring companies to gain consent. New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into effect two months after CCPA and similarly protects consumer data, largely by broadening definitions of protected private information and data breach, and by requiring companies doing business with New Yorkers to adopt information safeguards. Like CCPA, SHIELD requires consumers to disallow data use rather than making companies obtain consent. Unlike GDPR and CCPA however, SHIELD doesn’t give New Yorkers new rights. Enforcement of the Act lies with the Attorney General, who can seek fines and injunctions on reported violations.

Although GDPR, CCPA, and SHIELD are the main laws addressing data privacy laws, many states have similar laws pending, and statistics indicate public concern for data privacy is gaining momentum. So far Facebook remains compliant with all three privacy regulations by applying standard consent forms for use of its apps, and by placing compliance burdens on advertising companies rather than shouldering responsibility. Apple, as indicated by its proposed iOS update, has committed to a more proactive stance, positively implementing changes that will give consumers more control over their data’s use.

Likely Outcome

Given recent privacy laws and the tide of public opinion, Apple’s approach seems likely to prevail. Days of unfettered data-collection appear numbered, and data shows most people won’t enable tracking for commercial purposes if offered a choice. Facebook may acknowledge as much, given its increasing concern over how Apple’s consent request will be worded. Facebook’s most recent response consists of endeavors to push for wording promoting consumer’s allowing apps to track them as the update looms. So who will foot the bill for upcoming changes in privacy policies? Under the likely Apple-approach outcome, cost-bearers will be businesses, who bear higher expenses from inability to target-advertise, and in the short-term users, who may pay more for apps. However, on consideration under Apple’s scenario the total cost may be less than under Facebook’s. Consumer information misuse is expensive, as Cambridge Analytica shows, and Apple’s approach limits such risk. Further, costs of target-advertising to consumers are factors: does the edge Facebook’s ads give small businesses ultimately burden markets by facilitating impulse purchases? What is certain in any case is that consumers will pay a price, and debate over data privacy is far from over.


Allison Schiff, Here’s How Facebook, Google And Amazon Are Tackling CCPA Compliance, adexchanger.

Arlo Gilbert, California Consumer Privacy Act (CCPA) Compliance Guide: Everything You Need to Know About the New Data Privacy Law, osano.

Bobby Allyn, Why Is Facebook Launching An All-Out War On Apple’s Upcoming iPhone Update?, NPR.

Dario Villi, GDPR and Facebook: all you need to know to keep advertising safely, leadsbridge.

David Pierce, Apple vs. Facebook: The trillion-dollar privacy wars, protocol.

Jason Aten, Facebook Just Admitted It Has Lost the Battle With Apple Over Privacy, Inc.

Joseph J. Lazzaroti et al., New York SHIELD Act FAQs, National Law Review.

Josh Taylor, Facebook v. Apple: the looming showdown over data tracking and privacy, Guardian.

Kurt Wagner & Mark Gurman, The Privacy Spat Between Facebook and Apple Is Just the Beginning, Bloomberg Businessweek.

Natasha Lomas, First major GDPR decisions looming on Twitter and Facebook, techcrunch.

Noah Ramirez, 12 Facts about GDPR Cmpliance Regulations You Need to Know, osano.

Noah Ramirez, Data Privacy Laws: What You Need to Know in 2020, osano.

Noah Ramirez, The Definitive Guide to the New York Shield Law, osano.

Peter Sullivan, GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents, JDSUPRA.

Queenie Wong, Facebook vs. Apple: Here’s what you need to know about their privacy feud, c|net.

Sara Morrison, Why Facebook and Apple are fighting over your privacy, Vox.

Sonali Patnaik, The Definitive Guide to the General Data Protection Regulation (GDPR), osano.

Photo courtesy of The Guardian