Battle Lines Drawn in the Tech Industry: The Future of Federal Data Privacy Law in the United States

By: Genevieve Bresnahan

On October 24, Apple CEO Tim Cook spoke in Brussels, Belgium, at the annual International Conference of Data Protection and Privacy Commissioners.[1]  Cook praised the European Union’s General Data Protection Regulation (hereinafter “GDPR”) during his speech, and expressed Apple’s support for the passage of a similar comprehensive federal privacy law in the United States.[2]  The GDPR, which went into effect in May of 2018, gives European citizens more autonomy over the data Facebook and other companies collect.[3]  If those companies fail to comply, they can face fines up to four percent of their global revenue.[4]  Cook explained that a future federal privacy law in the United States should center around four essential rights: 1) the right to have personal data minimized; 2) the right to knowledge; 3) the right to access; and 4) the right to security.[5]

Big technology and social media companies have come under increased scrutiny in recent months due to numerous high-profile privacy incidents, concerns over “fake news,” and questions over the integrity of American elections, to name a few.  For example, last November, Facebook admitted that at least 3,000 advertisements, at an estimated cost of $150,000, had been placed by a Russian agency during the 2016 presidential election.[6]  A few months later, multiple media outlets revealed that consulting firm Cambridge Analytica harvested data from as many as 87 million Facebook users.[7]  Today, Facebook, Apple, Google, and other tech companies are grappling with data privacy concerns under a more intense spotlight.[8]

This privacy debate has also revealed battle lines being drawn in the big tech industry.[9]  Cook stated in Brussels that “[w]e at Apple believe that privacy is a fundamental human right. But we also recognize that not everyone sees things as we do.  In a way, the desire to put profits over privacy is nothing new.”[10]  He continued to critique other tech companies, saying there are others who would inevitably echo his call for a federal privacy law in public but in reality, work discretely to undermine it.[11]  The positions companies take in this debate largely depend on their business models.[12]  Facebook treats its consumers as its products to maximize revenue on the sale of advertising dollars.[13]  Therefore, Facebook and Google will benefit from a regulatory scheme that allows them to continue to collect customer data.[14]  Apple, however, can more freely advocate for tighter data protection regulations because its revenue comes from the sale of its products, rather than user data.[15]  That is exactly the type of advocacy Cook seems to be laying the groundwork for.[16]

Given the many recent high-profile incidents that have lawmakers honing in on big tech, the United States is planning to take a new look at its privacy laws.[17]  Additionally, businesses are deciding whether an overarching federal law may be easier to manage rather than a multitude of various state laws enforcing different privacy standards.[18]  Cook is taking a gamble in hopes that a new federal law will be more favorable to his company.[19]  Facebook’s CEO Mark Zuckerberg and Google’s CEO Sundar Pichai addressed the group in Brussel’s via video link later in the conference, and likewise acknowledged the importance of addressing privacy concerns.[20]  However, the battle lines are clear.[21]  These complex dynamics, and the steps technology companies like Apple are taking, will help determine the future of federal data privacy law in the United States.[22]  Apple, Google, Facebook, and others will continue to advocate for self-regulation, and attempt to define what federal regulations might look like, before the federal government comes up with their own ideas.

[1] Sara Salinas & Sam Meredith, Tim Cook: Personal Data Collection is Being ‘Weaponized Against Us With Military Efficiency’, CNBC (Oct. 24, 2018),

[2] Id.

[3] Brian Fung, Why You’re Getting Flooded With Privacy Notifications in Your Email, Wash. Post (May 25, 2018),

[4] Id.

[5] Salinas, supra note 1.

[6] See Genevieve Bresnahan, Elect to Regulate: Regulating Social Media Companies in the Wake of an Election Advertising Crisis, Am. U. Bus. L. Rev. (Nov. 22, 2017), (arguing that the United States’ regulatory framework must catch up to the operational realities of our social media platforms by imposing disclosure requirements).

[7] Jen Kirby, 9 Questions About Facebook and Data Sharing You Were Too Embarrassed To Ask, Vox (Apr. 10, 2018, 11:50 AM)

[8] See Makena Kelly, How Congress Could Rein in Google and Facebook, The Verge (Oct. 31, 2018),

[9] See Sara Fischer, It’s On: Apple vs. Facebook, Axios (June 5, 2018),; see also Cat Zakrzeski, The Cybersecurity 202: Tim Cook’s Sharp Rebuke of ‘Data Industrial Complex’ Draws Battle Lines in Privacy Debate, Wash. Post (Oct. 24, 2018),

[10] Zakrzeksi, supra note 9.

[11] Salinas, supra note 1.

[12] Zakrzeksi, supra note 9.

[13] See Fischer, supra note 9.

[14] See Zakrzeksi, supra note 9; see also David Goldman, Tim Cook Wants Stricter Privacy Laws, CNN (Oct. 24, 2018, 12:45 PM),

[15] See Zakrzeksi, supra note 9.   

[16] Id.

[17] See, e.g., Kelly, supra note 8.

[18] See Zakrzeksi, supra note 9.   

[19] Id.

[20] Mark Scott, Apple, Google, Facebook Line Up to Pay Homage to EU Privacy Rules, Politico (Oct. 24, 2018),

[21] See Fischer, supra note 9; see also Zakrzeksi, supra note 9.

[22] See Kelly, supra note 8.

Leave a Reply

Your email address will not be published. Required fields are marked *