Privacy watchdogs in Europe are considering a complaint against Apple made by a former employee, who alleges the company fired her after she raised a number of concerns, including over the safety of the workplace.
The former senior engineering program manager at Apple was fired from the company last September after she raised concerns about her employer's approach to staff privacy.
At the time, Gj was placed on administrative leave by Apple after raising concerns about sexism in the workplace and a hostile and unsafe working environment. She filed complaints with the U.S. National Labor Relations Board.
She sent the earlier complaints to international oversight bodies because she wants scrutiny of Apple's privacy practices after it formally told the U.S. government its reasons for firing her.
The U.K.'s Information Commissioner confirmed receipt of the privacy complaint against Apple.
We are aware of this matter and we will assess the information provided, according to a spokesman for the ICO.
Confirmation was sent from France that it was looking at the complaint.
We received a complaint which is currently being investigated, according to a CNIL spokesman.
The Telegraph reported yesterday that it was the first time that GjF8;vik had sought to press her privacy complaint against Apple in the U.K.
Ireland's Data Protection Commission is Apple's main data protection regulator in the European Union and would be under the regulation. The DPC would not confirm or deny receiving the complaint.
The DPC can't comment on individual cases. All queries that come before the DPC are assessed and progressed in line with the DPC's complaint-handling functions.
The DPC has not yet made a decision regarding the multi-year-long investigations into Apple data processing practices.
It would take years to reach a public outcome if the DPC decided to open a new investigation into Apple.
In the conclusion of the complaint, GjF8;vik urges the regulators to investigate the matters I raised and open a larger investigation into these topics within Apple's corporate offices globally.
The company's approach to employee privacy has been the subject of a complaint submitted to European regulators.
More broadly, the complaint centers on the breadth of Apple's secrecy and anti-employee privacy policies.
At the time of writing, Apple had not responded to the complaint.
The tech giant's approach to inviting employees to engage in product testing, which involved capturing biometrics at times, left GjF8;vik feeling that her participation was mandatory, per the complaint.
According to the complaint, Apple gave information to staff about Gobbler and urged them to share the data from the app.
Apple told employees that face-related logs were uploaded from their phones daily, and that secret photographs and videos of employees were captured and uploaded to Apple's internal server.
She claims that it was unclear what data was being uploaded, how and when. It disturbed me that the app was taking photos and videos without any notification, which made me think that Apple could use my device cameras to watch me at any time. I talked to other employees about the same concerns.
The public statement by Apple that more than one billion images were used in the development of its Face ID algorithm was cited by Gj.
According to the complaint, Apple told staff of restrictions on uploading data to Gobbler in countries outside the U.S.
The app was forbidden to be used in Japan and China, but at some point, Apple decided to gather some logs there.
It is possible that employees at Apple's offices in Europe used the Gobbler app to upload their fingerprints. If that happened, Apple would be able to rely on data protection considerations over the legal ground. Whether or not the European regulators decide to investigate her complaint remains to be seen.
One of the legal grounds for processing personal data is consent. For consent to be a valid legal basis, it must be informed, specific and freely given, and even setting aside questions over whether staff were provided with adequate information about what would be done with their data, an employer-employee power dynamic might undermine their ability. There may be reasons for closer scrutiny.
The European Data Protection Supervisor will not investigate Gj's complaint because it is focused on the EU's own institutions.
The Canada's Office of the Privacy Commissioner is one of the bodies that the complaint has been submitted to.
Beyond the Gobbler/Glimmer app, Gjøvik raises concerns about the potential for Apple's software development ticket/bug reporting system to harvest personal data without staff being properly aware. It also says these tickets could ask employees to include diagnostic files, which could result in additional personal data from an employee's personal device, such as their iMessages.
In a report last year, it was said that Apple employees were often told to link their personal Apple ID to their work account.
The blurring of personal and work accounts has resulted in some unusual situations, including Gj F.vik being forced to hand compromising photos of herself to Apple lawyers when her team became involved in an unrelated legal dispute.
A report by The Verge suggests that if employees link their personal Apple ID to their work accounts, they could potentially expose privacy data.
Apple’s IDFA gets targeted in strategic EU privacy complaints
Apple’s handling of Siri snippets back in the frame after letter of complaint to EU privacy regulators
All Rights Reserved © 2024
