Happy GDPR Day

Today, the European Union’s General Data Protection Regulation comes into force. For the past several months, technology companies have been racing to meet its demands, which can involve substantial engineering work to retrofit existing platforms.

My former colleagues at Apple have launched a new self-service Data and Privacy tool and a Privacy Enquiries support website that give customers visibility into (and control over) the information about them that Apple keeps. Recent software updates also added data usage disclosures to inform users when and how their data is being processed. No, The Verge, it has nothing to do with stopping phishing.

As journalists have been trying out these tools, they’ve reported that the company has been true to its word about its devotion to privacy. Jefferson Graham wrote,

The zip file I eventually received from Apple was tiny, only 9 megabytes, compared to 243 MB from Google and 881 MB from Facebook. And there’s not much there, because Apple says the information is primarily kept on your device, not its servers.

This is no accident. Apple engineers go to great lengths to design software that minimizes data collection and protects the user’s information. From end-to-end encrypted iMessage to feats like on-device photo classification and privacy-preserving telemetry, so many features took a more challenging path because it was the right thing to do. And all without apparent sacrifice to usability or capability.

So today, in thanks for their tireless work looking out for our privacy in an industry that, at best, doesn’t seem to care, I sent my friends on the Privacy Engineering team a treat in honor of GDPR Day:

GDPR Day Cake

Betsy Braun, the Bay Area’s most ebullient violinist and music instructor, designed, baked, and decorated this three-layer vanilla buttercream cake for the occasion. Let’s say the layers represent transparency, control, and consent—the delicious foundations of privacy protection. Thank you, Betsy!