In his keynote address here at the International Conference of Data Protection and Privacy Commissioners in Brussels, Apple CEO Tim Cook was direct and to the point: “We at Apple are in full support of a comprehensive federal privacy law in the United States.”

This drew loud applause from the roughly 1,000 data protection authorities and interested observers collected in the plenary hall of the European Parliament for this 40th meeting of the world’s data regulators.

However, he said, “There are many people who would prefer I hadn’t said that. Some oppose any form of privacy legislation. Others will endorse reform in public and then resist and undermine it behind closed doors. They may say to you, ‘Our companies can never achieve technology’s true potential if we’re constrained by privacy regulation.’”

But that argument, he said, “isn’t just wrong, it’s destructive. Technology’s potential is and always must be rooted in the faith that people have in it. … In its promise and capacity to make the world a better place. We will never achieve technology’s true potential without the full faith and confidence of the people who use it.”

Cook noted that Apple’s commitment to privacy is long-standing. When Apple designed and conceived of the iPhone, co-founder Steve Jobs “knew it could put more personal data in your pocket than most of us keep in our homes,” Cook said. “And there was enormous pressure on Steve and Apple to bend our values and freely share that information. But we refused to compromise. We’ve only deepened our commitment in the decade since.”

Apple doesn’t claim to have all of the answers for the best way to manage privacy around the globe, nor are they absolutist. “Instead,” Cook said, “we always try to return to that simple question: What kind of world do we want to live in?”

That’s not to say, however, that Apple doesn’t have ideas for how it would like to see a U.S. federal privacy law put together. Cook outlined four main principles the company sees as vital to any effective legislation.

First, he supported the right to have personal data minimized, with companies having to justify why data is collected and retained. Second, he said, “all users should know what data is collected and what data is being collected for. That’s the only way for users to decide what’s legitimate and what isn’t. Anything less is a sham.”

Third, Cook supported the right to access, both the ability for users to see what data is held, and that it is correct, but also for users to get a copy of or delete the personal data.

Finally, users, Cook said, should have the right to security. “Security is foundational,” he said, “to trust and all other privacy rights.”

Because, make no mistake, getting privacy right is vital, he argued: “The problem is real. We must not shrink from this moment.”

“We shouldn’t sugarcoat the consequences,” Cook said. The creation of extensive digital profiles “is surveillance. And these stockpiles of personal data serve only to enrich the companies that collect them. This should make us uncomfortable.”

At Apple, Cook said, “at every stage of the creative process … we engage in open, honest ethical debate about the products we make and the impact they will have. This is just part of our culture. We don’t do it because we have to. We do it because we ought to. It’s as important to us as any feature.”

Photo credit: ICDPPC 2018 Twitter account.