This week:

• Apple’s push on privacy has proven a surefire win with customers, but … 
• Moves outside the U.S. may still leave it—and other giants of tech—behind the regulatory curve;
• India is following its own path on online privacy, as the high-level fallout of the Pegasus spyware scandal sparks a wider debate about privacy.

How sincere is Apple about privacy? Nikhil Vemu took a look at what Steve Jobs had to say about it in 2010, what got him all riled up in the first place, and how the Apple co-founder insisted on a simple definition of privacy. Twelve years later, Facebook may lose $10 billion in revenue in 2022 because of Apple’s app tracking transparency privacy feature, and more consumers are placing trust in the company when buying iPhones. And Apple’s move may also have created a public appetite for more: Fast Company has listed 10 privacy features Apple should add next, from encrypting data end-to-end to creating a secure hidden photos folder. 

While the European Union’s General Data Protection Regulation is seen as the most comprehensive regulation in the world on the issue of privacy, there’s a slew of other legislation pending, such as the Digital Markets Act and the soon-to-be-voted-on Digital Services Act and plans by the EU to regulate AI, a move that may cost companies up to 6 percent of global revenues. The U.K. is proposing fair-play rules for tech platforms’ use of news, which would require big tech firms such as Facebook and Google to be clear about deals with publishers, similar to rules introduced by Australia in 2020. Britain has also been looking in particular at app security and privacy interventions and has just issued a new call for public views before making any further intervention.

Banking institutions are also taking a look: The Bank of International Settlements has said governments should adopt new data governance systems including requiring tech companies to get clearer consent when collecting data. That such institutions are showing an interest should not be surprising, given the growth of open banking and the idea of a central bank digital currency—a digital-only money loosely related to cryptocurrencies. The European Central Bank has just published the privacy options for its planned digital euro, the most privacy-oriented one mirroring, at least for low-value transactions, the anonymity of today’s cash exchange for goods.

Big Tech has learned to its detriment not to ignore the regulatory landscape outside Europe. India is in a state of uncertainty over privacy: It’s ordering any entity, private or otherwise, to report any cybersecurity incident within six hours of discovering it, which might be good for transparency, but another requirement, that virtual private networks collect and store customer data for five years or more, has prompted VPN companies to threaten to pull out of India. One company suggests the InterPlanetary File System, or IPFS, and so-called web3, a decentralized internet, will become a part of India’s privacy future. This is playing out against a year-long backdrop of anxiety over the discovery that some 300 Indian residents were hacked by the Israel-based NSO’s Pegasus spyware. A deep dive into this incident—and its privacy implications—can be found at The Register. (Amnesty International has pointed out that there are perils for privacy in neighboring Bangladesh as well, where a new data protection bill would reportedly exempt certain government agencies from compliance with privacy regulations.)

Jeremy Wagstaff, formerly a technology journalist with Reuters, now works as a writer and consultant. Past clients have included Microsoft, Google, Cisco, Samsung and Facebook. He has no current clients among, or financial interest in, any companies in the Fortune 500.