Apple is now under a third privacy investigation in Ireland, this time looking at whether the company fully meets GDPR requirements in regard to a data access request from a customer.
Europe’s General Data Protection Regulation (GDPR) law imposes a wide range of strict privacy rules on companies, one of which is that a customer has a right to see a copy of all the data held on them …
Apple offers a Data and Privacy page that allows you to request a copy of your data. Once you’ve chosen the categories you want to see (which can include everything), Apple has up to seven days to make the data available to you for download.
Reuters reports that Ireland’s Data Protection Commissioner (DPC) is investigating whether or not Apple is fully complying with this requirement. No further details are given, but these investigations often follow a consumer complaint, presumably from someone who requested a copy of their data and wasn’t satisfied that it included all of the information Apple holds on them.
The investigation was reportedly opened within the last few weeks.
Apple is already under investigation for two other possible breaches of its legal obligations in regard to privacy.
It should be stressed that an open investigation is not evidence of any wrong-doing on Apple’s part: it simply means that a complaint has been received, or a concern has been raised, and the DPC is looking into the facts. On average, around one-third of GDPR complaints are upheld.
Apple isn’t the only tech giant facing one or more privacy investigations in Ireland.
The Irish DPC has 20 investigations open into multinational technology companies whose European headquarters in Ireland puts them under its watch, with Facebook under the most scrutiny with eight individual probes, plus two into its WhatsApp subsidiary and one into Facebook-owned Instagram.
Like Apple, Twitter is also under three different investigations with one each for Google, Microsoft-owned LinkedIn and U.S. digital advertising company Quantcast.
Reuters notes that the maximum possible fine under GDPR powers is $22M, but fines are rare, and the vast majority of those imposed have been for relatively small sums. It was revealed last year that total GDPR fines in the first year totalled $56M, of which $50M was a single fine levied against Google.
Apple of course has a strong privacy focus, Tim Cook leading calls for a US federal privacy law. Most other tech giants support this, as it would establish clear rules, which they ideally want to be consistent with GDPR so one set of standards can be applied globally.
FTC: We use income earning auto affiliate links. More.