Ever since the Cambridge Analytica story broke, revealing that 87 million Facebook members had their personal data used without permission, Apple and its CEO Tim Cook have been saying one thing over and over: Apple's customers are not its product. In other words, Apple won't sell personal data belonging to iPhone and iPad users. But according to Bloomberg, a lawsuit filed today by three people who live in Rhode Island and Michigan claims that Apple will sell information related to iTunes purchases without users' consent.
The complaint, filed in federal court in San Francisco, seeks class-action status. The suit claims that Apple's disclosure of iTunes customers' personal data is not just illegal, but is also dangerous because it allows bad actors to target the most vulnerable Americans. In the filing, the plaintiffs point out that any person or business can rent a list with "the name and addresses of unmarried, college-educated women over the age of 70 with a household income of over $80,000, who purchased country music from Apple via its iTunes Store mobile application." The plaintiffs add that "such a list is available for sale for approximately $136 per thousand customers listed." That means that a company or someone with malicious intent can pay just 13 cents per customer for this data.
Based on the different privacy laws for each state, the lawsuit asks the court to order Apple to pay $250 for each iTunes customer in Rhode Island whose personal information was disclosed by Apple, and $5,000 for each Michigan resident similarly impacted. The case is filed as Wheaton v Apple, and the latter has yet to issue a comment on the legal action.
"The customer is not our product" has been Tim Cook's mantra
Facebook had allowed personal data from 87 million users to be disclosed to Professor Aleksandr Kogan for research use only. Kogan turned around and sold the information to political consultancy firm Cambridge Analytica, which used the data for the 2016 Trump presidential campaign. This violated a consent decree that Facebook signed with the FTC back in 2011 and the antitrust agency could smack Facebook with a fine as high as $5 billion in return. Around that time, Tim Cook was asked what he would do if he were Facebook co-founder and CEO Mark Zuckerberg. Cook replied, "I wouldn’t be in this situation. We could make a ton of money if our customer was our product. We’ve elected not to do that."
Cook repeated the same line when he spoke in front of the House Committee on Energy and Commerce last August. Rep. Greg Walden (R-Ohio), then chairman of the committee, asked what Apple's position on privacy was. He also wanted to know how Apple collects customers' location data, and whether Siri could be used to listen in to conversations. Rep. Walden sent a similar letter to Alphabet CEO Larry Page, asking whether Google collects location data from Android users even with the location services setting disabled.
Interestingly, Apple put up a giant billboard earlier this year in Las Vegas to promote how secure personal data is on the iPhone. Riffing on the famous Las Vegas slogan, "What happens in Las Vegas, stays in Las Vegas," Apple's billboard said, "What happens on your iPhone, stays on your iPhone." The billboard was strategically placed on a building that overlooked the Las Vegas Convention Center, which was hosting the 2019 Consumer Electronics Show (CES) at the time. On the bottom of the huge sign, you can see the web address of the company's privacy page (apple.com/privacy).
Apple unveiled the iTunes platform in January 2001 and it is one of the businesses in Apple's Services unit along with the App Store, Apple Music, Apple Pay, AppleCare, Apple News+, Apple TV+ and starting this fall, Apple Arcade. Apple purchased the platform, then known as SoundJam MP, in 2000 and changed its name.