Published: October 2019Click To View (PDF)

An overview of the technology sector’s public expressions of privacy initiatives and values.

Privacy is top-of-mind for technology companies and their consumers. Since Facebook’s data-sharing practices came under scrutiny following reporting on Cambridge Analytica, consumers and legislators have sharpened their interest in big tech’s use of data. In response, many companies continue to review, refine, and clarify their data practices for the benefit of consumers. Some of that clarification comes in the form of prominent public statements from CEOs or published op-eds, dedicated privacy sessions during developer conferences, and marketing-style promotion of privacy as a product feature.

To understand how companies are messaging their approach to privacy to consumers, the IAPP reviewed consumer-facing privacy webpages, prominent publications, public statements by CEOs, and general promotional materials of the tech industry’s main consumer-facing players (Google, Facebook, Microsoft, and Apple; see the note at the bottom of the page for a comment on Amazon). The goal was to summarize how each company is expressing its view of privacy to consumers. This review was not an assessment and comparison of each company’s privacy notice and associated disclosures, its focus was on each company’s promotional efforts to communicate its approach to privacy to consumers—i.e., how each company expresses privacy. The omission of a value or privacy strategy from one company’s column does not indicate that the company does not hold that value or practice that strategy, instead, it is indicative of the fact that the company chooses to emphasize different elements of its approach to privacy. For example, all the companies express a commitment to encryption, but Facebook and Apple make it a more prominent element of their consumer-facing privacy communication than the others.

Note:
Amazon was also considered for this chart, but unlike the four companies included, it does not have a central privacy webpage/website and does not make a concerted marketing and promotional effort to communicate its vision of privacy to consumers. Rather than comprehensive privacy resources, Amazon’s consumer-facing privacy communication is limited to traditional privacy notices and product-specific announcements that touch on privacy elements. Amazon does communicate certain aspects of its approach to privacy (for example, in this blog post about differential privacy), but because the company does not promote its vision for privacy directly to consumers, it was not included in this chart.

The Ranking Digital Rights 2019 Corporate Accountability Index provides another perspective on each company’s approach to privacy:
Ranking Digital Rights published its 2019 Corporate Accountability Index on May 16. The report evaluates twenty-four of the largest and most powerful internet, mobile, and telecommunications companies in the world for their performance in three domains: governance, freedom of expression, and privacy. During the introduction of the index, Ranking Digital Rights Director, Rebecca MacKinnon, noted that “[a]cross the board companies are doing more to govern privacy-related risks than they are doing to govern freedom of expression-related risks.” The four companies included in the IAPP chart are included in the 2019 Corporate Accountability Index.

The following is a list of the source URLs reviewed to create the chart:

Google

• Data & personalization
• Google’s Sundar Pichai: Privacy Should Not Be a Luxury Good
• Google AI Blog
• Introducing auto-delete controls for your Location History and activity data
• Google will now let you use your Android phone as a physical security key
• Introducing TensorFlow Privacy: Learning with Differential Privacy for Training Data
• Google vows greater user privacy, after decades of data collection
• A Very Long List of Privacy Features Google Talked About Today at Google I/O
• Privacy Controls
  
• Privacy & Terms

Facebook

• A Privacy-Focused Vision for Social Networking
• Mark Zuckerberg: The Internet Needs New Rules. Let's Start in These Four Areas
• Facebook’s Mark Zuckerberg Says He’ll Shift Focus to Users’ Privacy
• Four Ideas to Regulate the Internet
  
• Facebook Privacy Basics

Microsoft

• Privacy at Microsoft
  
• Privacy at Microsoft (Trust Center)
• Microsoft Account Privacy
  
• Microsoft Security Development Lifecycle
• What are the Microsoft SDL practices?
  
• Windows 10 Privacy
• GDPR’s first anniversary: A year of progress in privacy protection
• Increasing transparency and customer control over data
• Microsoft wants a US privacy law that puts the burden on tech companies
• How Microsoft works with customers to keep their trust: A story from the Netherlands

Apple

• Privacy
• Manage your Privacy
• Approach to Privacy
• Examining Safeguards for Consumer Data Privacy
• Apple CEO Cook: Apple in full support of a comprehensive US privacy law
• Tim Cook: You Deserve Privacy Online. Here’s How You Could Actually Get It
• Apple introduces ‘Sign in with Apple’ to help protect your privacy
• Developer News & Updates

Federal Law

• US federal privacy law? Apple, Google, Facebook, Microsoft all hope so
• This Is What Tech Companies Want in Any Federal Data Privacy Legislation
• RSA Conference 2019: Microsoft, Google, Twitter on Federal Privacy Regs
• Microsoft wants a US privacy law that puts the burden on tech companies
• Tech Giants weigh in on Federal Privacy Law
• Microsoft calls for federal regulation of the tech industry