“Siri: Are you recording me?” “No, but I am listening to you”

20 May 2020
Siri Image

After lack of reaction: former Apple employee presents letter to DPAs, asking them to investigate Siri recording the users. noyb.eu will be looking into the case.

We generally believe that Siri only listens to us when triggered by the well-known command "Hey Siri!". In such cases, users are conscious of sharing their personal data – be it a search (“Hey Siri, show me the nearest restaurant”) or a simple joke (“Hey Siri, am I not awesome today?”).

Letter blows whistle on Apple – again.  A public letter shared today by whistle-blower Thomas Le Bonniec, a former employee of Apple, describes a different reality: According to Le Bonniec, Siri is even recording when it is not triggered by the users. Thousands of recordings were sent to Apple in order for hundreds of Apple employees to listen, analyse and transcribe their content. The public statement reveals that Apple collected millions of confidential messages, full of intimate details, political opinions, sexual preferences, and discussions between persons in a room, without the users even being aware of it.

Apple promised to take action in 2019. In a public apology last August, Apple admitted that these practices were not up to the privacy standards. According to today’s disclosures it seems that contrary to Apple’s statement, no end was put to the recording of Apple’s users. More importantly, the press already revealed that other multinational tech companies followed the same road.

Violation of EU privacy law. The recordings revealed in the public statement, already substantiated with evidence provided by Thomas Le Bonniec last year, amount to serious and massive violation of individual’s right to privacy, confidentiality and data protection. Not only the GDPR (having its 2 year anniversary in a few days) but also the ePrivacy legislations, among others, were (and are even maybe still) breached. 

No action by Irish regulator. In a statement of December 2019, the Irish Data Protection Commission (“DPC”) announced it was engaging with tech companies “to establish the manner by which their voice assistant products comply with data protection requirements”. However, to noyb's knowledge, no investigation was initiated after Apple’s statement last year. Moreover, most of the actors that follow a similar practice have their headquarters in Ireland, where investigations can take years before an outcome is shared with other Data Proteciton Authoritied (DPAs).

noyb.eu plans action. Due to the scope and gravity of the alleged violations, noyb.eu expects the case to be reviewed under the urgency procedure Article 66 GDPR. Considering the development, we plan to file complaints against such practices including all tech companies recording their users with their digital assistants in violation of privacy laws. 

Do you wish to provide information to support the case? You can submit documents anonymously via our SecureDrop or message us at info@noyb.eu