2020 RDR Index
Digital platforms

Apple, Inc.

Rank: 6th
Score: 43%

Headquartered in the United States, Apple manufactures computers, smartphones, and other devices, and produces the iOS operating system and application software. As of late 2019, the company had a base of 1.5 billion active devices.

Twitter
1
53%
Verizon Media
2
52%
Microsoft
3
50%
Google
4
48%
Facebook
5
45%
Apple
6
43%
Kakao
7
42%
Mail.Ru
8
27%
Yandex
8
27%
Alibaba
10
25%
Baidu
10
25%
Samsung
12
23%
Tencent
13
22%
Amazon
14
20%

Apple ranked sixth among digital platforms. In 2020, the company published a human rights policy that made an explicit public commitment to protect freedom of expression and information. This came after shareholders proposed a resolution pushing the company to assert a commitment to freedom of expression and information. The proposed resolution cited Apple’s 2019 removal of news and information apps in Hong Kong, along with other App Store censorship incidents. In June 2020, the company announced new privacy-protective features for iOS 14 that require third-party apps to ask for users’ permission before tracking them, a move that shocked app developers, including Facebook. Apple subsequently delayed the rollout to 2021, eliciting public pressure from advocates including RDR. Apple outscored all other digital platforms in the RDR Index on privacy, even though we could not account for the new privacy features in our scoring, due to the delayed rollout.

Key takeaways

  • Apple earned the highest privacy score of any digital platform we evaluated, and stood out for strong disclosure of its security policies.
  • Apple lacked transparency about its process for removing apps from the App Store for violations to iOS rules.
  • Apple lagged behind its peers on human rights due diligence, but strengthened its human rights commitments.

Key recommendations

  • Be transparent about rules enforcement. Apple should publish data about actions it takes to enforce its own rules, including about apps removed from its App Store, and strengthen mechanisms to appeal such enforcement decisions.
  • Strengthen human rights due diligence. Apple should commit to conducting robust, systematic human rights impact assessments on all aspects of its operations and business practices. The scope of these assessments should include evaluting risks to freedom of expression and information and the right to non-discrimination associated with the development and use of algorithmic systems and its targeted advertising policies and practices.
  • Increase user control. Apple should give users more options to control their own information. Targeted advertising should be off by default.

Services evaluated:

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Veszna Wessenauer, Afef Abrougui
Download data and sources

Changes since 2019

  • Apple published a commitment recognizing freedom of expression and information as a human right (G1).
  • Apple began reporting the number of app removal demands it receives from governments (F6) and publishing some information about its process for responding to private requests for user information (P10b).
+ 10.88 points

Gained 10.88 points on comparable indicators since the 2019 RDR Index.

Governance49%
Freedom of expression22%
Privacy54%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 49%

Apple ranked fifth among digital platform companies we evaluated, falling short on human rights due diligence in comparison to its U.S. peers.

  • Commitment to human rights: Apple disclosed a clear and explicit commitment to protect and respect privacy and freedom of expression and information but failed to disclose a similar human rights commitment in its use and development of algorithmic systems (G1).
  • Human rights due diligence: Apple disclosed it conducts limited assessments of privacy risks associated with government regulations in the markets in which it operates (G4a), but did not provide evidence of conducting due diligence in other areas, including of its own policy enforcement, on its development and use of algorithmic systems, or on targeted advertising.
  • Stakeholder engagement: Apple failed to provide evidence of systematic engagement with stakeholders whose privacy and freedom of expression and information are directly impacted by the company (G5).
  • Remedy: Apple disclosed little about its remedy mechanisms to address users’ freedom of expression and information as well as privacy grievances (G6a) and even less about its processes for users and developers to appeal app removals from the App Store (G6b).

Indicators

Freedom of expression 22%

Apple lagged behind South Korea-based Kakao and most of its U.S. peers in this category.

  • Content moderation: Apple did not clearly disclose platform rules and its process for enforcing them (F3a), including rules on bots (F13). Nor did it report any data about content removals and account suspensions for violations to these policies (F4a, F4b). It offered almost no information on whether or how it notifies users when content is removed (F8).
  • Algorithmic use and content curation: Apple revealed nothing about how it uses algorithms to curate, rank, or recommend content in its App Store (F12).
  • Advertising content and targeting: The company lacked transparency about its ad content and ad targeting rules and enforcement process (F3b, F3c), and it did not publish data on content removed for violating these rules (F4c).
  • Censorship demands: Apple was transparent about its process for responding to government censorship demands (F5a) but disclosed very little about censorship requests submitted through private processes (F5b). For the first time, it reported the number of government takedown requests for apps in its App Store, and it listed the types of subject matter associated with them, following through on a prior commitment to do so. It also began disclosing the number of App Store takedown requests from governments for alleged violations of Apple's own Terms of Service (F6), but none about private requests (F7).

Indicators

Privacy 54%

Apple earned the highest privacy score, but fell short in key areas.

  • Handling of user data: While Apple did disclose some information about what user data it collects and shares, and why, it did not disclose anything about its data inference policies (P3b). Apple remained the only platform in the RDR Index to disclose it does not track users around the web, but the company disclosed nothing about whether it collects information about users through third-party data brokers (P9).
  • Government and private demands for user data: Apple was transparent about its process for responding to government demands for user information (P10a), but disclosed less information about user information requests submitted through private processes (P10b). It provided data about government demands (P11a), but like its U.S. peers, Apple did not divulge the exact number of requests received for user data under the Foreign Intelligence Surveillance Act or National Security Letters, or the actions it took in response to these requests, since it is prohibited by law from doing so. It also committed to notify users when government entities demand access to their information (P12). It did not publish any data about private requests (P11b), nor did it commit to notify users when their information is requested through private processes (P12).
  • Security: Apple disclosed more about its security policies than any other digital platform we evaluated. It was fully transparent about its internal processes for keeping user information secure (P13) and offered resources and tools to help users protect their security (P17, P18). It was less clear about its policies on data breaches (P15), and it disclosed limited information about how it addresses security vulnerabilities (P14).

Indicators

50%
12%
21%
P4. Sharing of user information
44%
P5. Purpose for collecting, inferring, and sharing user information
40%
P6. Retention of user information
36%
P7. Users' control over their own user information
34%
P8. Users' access to their own user information
68%
P9. Collection of user information from third parties
20%
75%
40%
P12. User notification about third-party requests for user information
67%
P13. Security oversight
100%
P14. Addressing security vulnerabilities
28%
P15. Data breaches
67%
P16. Encryption of user communication and private content (digital platforms)
79%
P17. Account security (digital platforms)
83%
P18. Inform and educate users about potential risks
100%