Published: October 2019Click To View (PDF)

An overview of the technology sector’s public expressions of privacy initiatives and values.

Privacy is top-of-mind for technology companies and their consumers. Since Facebook’s data-sharing practices came under scrutiny following reporting on Cambridge Analytica, consumers and legislators have sharpened their interest in big tech’s use of data. In response, many companies continue to review, refine, and clarify their data practices for the benefit of consumers. Some of that clarification comes in the form of prominent public statements from CEOs or published op-eds, dedicated privacy sessions during developer conferences, and marketing-style promotion of privacy as a product feature.

To understand how companies are messaging their approach to privacy to consumers, the IAPP reviewed consumer-facing privacy webpages, prominent publications, public statements by CEOs, and general promotional materials of the tech industry’s main consumer-facing players (Google, Facebook, Microsoft, and Apple; see the note at the bottom of the page for a comment on Amazon). The goal was to summarize how each company is expressing its view of privacy to consumers. This review was not an assessment and comparison of each company’s privacy notice and associated disclosures, its focus was on each company’s promotional efforts to communicate its approach to privacy to consumers—i.e., how each company expresses privacy. The omission of a value or privacy strategy from one company’s column does not indicate that the company does not hold that value or practice that strategy, instead, it is indicative of the fact that the company chooses to emphasize different elements of its approach to privacy. For example, all the companies express a commitment to encryption, but Facebook and Apple make it a more prominent element of their consumer-facing privacy communication than the others.

Amazon was also considered for this chart, but unlike the four companies included, it does not have a central privacy webpage/website and does not make a concerted marketing and promotional effort to communicate its vision of privacy to consumers. Rather than comprehensive privacy resources, Amazon’s consumer-facing privacy communication is limited to traditional privacy notices and product-specific announcements that touch on privacy elements. Amazon does communicate certain aspects of its approach to privacy (for example, in this blog post about differential privacy), but because the company does not promote its vision for privacy directly to consumers, it was not included in this chart.

The Ranking Digital Rights 2019 Corporate Accountability Index provides another perspective on each company’s approach to privacy:
Ranking Digital Rights published its 2019 Corporate Accountability Index on May 16. The report evaluates twenty-four of the largest and most powerful internet, mobile, and telecommunications companies in the world for their performance in three domains: governance, freedom of expression, and privacy. During the introduction of the index, Ranking Digital Rights Director, Rebecca MacKinnon, noted that “[a]cross the board companies are doing more to govern privacy-related risks than they are doing to govern freedom of expression-related risks.” The four companies included in the IAPP chart are included in the 2019 Corporate Accountability Index.

The following is a list of the source URLs reviewed to create the chart:





Federal Law

Credits: 2

Submit for CPEs