Apple has long sought to protect the personal data of its customers, but that reputation was probably most cemented in the minds of the public by the way the company stood up to the FBI. Refusing to compromise its stance on iOS security even in the face of a legal demand by the highest federal law enforcement agency in the land sent an extremely strong message.

But Bloomberg yesterday ran a piece questioning Apple’s commitment to privacy …

Entitled Is Apple Really Your Privacy Hero?, the piece argues that Apple looks at only one side of the equation.

It even accuses Apple of misleading iOS users.

When developers get our information, and that of the acquaintances in our contacts list, it’s theirs to use and move around unseen by Apple. It can be sold to data brokers, shared with political campaigns, or posted on the internet. [A new rule added last month] forbids that, but Apple does nothing to make it technically difficult for developers to harvest the information.

The irony here is that Facebook’s carelessness in allowing third-party companies access to the personal data of people who didn’t consent to it – the friends of people who participated in ‘personality surveys’ – has effectively raised the stakes of what we now demand of companies.

It’s no longer enough for Apple to talk only about its own use of our data. Just as Facebook had to accept responsibility for the actions of Cambridge Analytica, because the social network made it possible for the political consultancy to obtain the data, so Bloomberg asks Apple to accept responsibility for the data it allows developers to gather.

I do think Bloomberg’s Sarah Frier makes a good point. Anyone who makes extensive use of the Notes field might have a lot of sensitive information about individuals, and if I’m in your contacts list and you share your contact information with an app developer, Apple doesn’t seek my consent to my details being shared.

Frier makes a couple of specific suggestions. First, when a user agrees to share contact data, only allow access to phone numbers and email addresses. Second, allow users the option to encrypt data for certain contacts.

Her broader point, though, is that Apple doesn’t currently even know what developers do with our data. And that is exactly what got Facebook into such hot water.

I don’t doubt that Apple’s commitment to privacy is genuine. But the company isn’t perfect. It already had to boost its privacy standards to comply with Europe’s GDPR privacy law, and the Facebook mess shows that there’s also a need to look beyond what Apple itself does with our data, and be proactive in limiting what developers can do with it.