Why Apple's Siri settlement means nothing for data privacy
Fines are not enough of a deterrent for companies to take data privacy seriously
You may have read recently that Apple has agreed to pay $95 million to settle a class-action lawsuit which claimed the tech giant's virtual assistant, Siri, was recording users' conversations and violating their privacy.
Apple denies any wrongdoing, but an initial settlement was agreed in the Oakland, California federal court on Tuesday 31 December 2024, and could potentially mean a payout for millions of Apple users in the US.
This may seem like a lot of money (and it is), but for Apple, it's mere pennies. Handing out fines to companies like this will not see any meaningful change to the data privacy of users.
The rise in popularity of software like the best VPNs shows a growing awareness of the importance of personal online privacy. But protecting our personal privacy can only go so far; a large-scale and systematic change is required.
The case
The case concerns Siri recording user conversations without their knowledge. It was opened in 2019 and covers a period of 10 years between 2014 and 2024. A software update issued by Apple in September 2014 meant the virtual assistant could only be activated with the words "Hey Siri," but it is alleged Siri was listening at other times, in a bid to help improve the technology.
It was later alleged that these recordings were shared with advertisers. It was reported that two plaintiffs said they received adverts for Air Jordan speakers and Olive Garden restaurants after discussing the products. It was also claimed another plaintiff received adverts for surgical treatment after a private conversation with his doctor.
Apple has maintained its innocence, seemingly settling the case to avoid any further charges and damage to its reputation.
Apple claims it is "committed to protecting user data" and that "privacy is a foundational part" of its processes. In a statement released on 8 January 2025, titled "Our longstanding privacy commitment with Siri," they commented on the allegations.
Apple says it "has never used Siri data to build marketing profiles, never made it available for advertising, and never sold it to anyone for any purpose. We are constantly developing technologies to make Siri even more private, and will continue to do so."
If you owned and used an Apple device over the last 10 years, you may be entitled to compensation. Due to the sheer number of eligible users, it is estimated that a payout may only be up to $20 per Siri-enabled device.
It is also worth mentioning that Google is currently dealing with a similar case in the San Jose, California federal court. It is accused of collecting personal data from smartphones even when tracking has been disabled by the user.
What does this mean for the future of data privacy?
For global companies like Apple, a $95 million fine is of no concern – the business posted revenue of $94.9 billion in its fiscal quarter ending in September 2024 – and won't be the catalyst for a change in data protection practices.
The Siri case clearly hasn't encouraged Apple to change its data privacy approach, because all users who have recently updated their devices are automatically opted-in to having their photos analyzed by AI.
The feature, known as "Enhanced Visual Search," is believed to have been implemented in the iOS 18.1 and macOS 15.1 updates in October 2024.
Apple explained the feature in a technical paper, describing how users can search for photos using landmarks or points of interest. Your device "privately matches places in your photos to a global index" that Apple maintains on its servers.
Machine-learning AI can then analyze the photos to identify a "region of interest" that might signify a landmark. If the AI finds a potential match, it identifies that portion of the image.
Apple states it applies "homomorphic encryption" and "differential privacy," along with "OHTTP relay" that hides your IP address. These tools supposedly prevent Apple from learning about the photo's information.
There is a way to turn off this feature. On iPhones and iPads, head to settings, select "Apps" then "Photos," scroll to the bottom and disable "Enhanced Visual Search." On Mac, open "Photos" and go to "Settings," then "General."
Whilst there are privacy concerns with the feature in general, the more pressing problem here is the fact Apple opted all users in by default and did it silently.
Apple isn't the only company to receive a data privacy related fine in 2024. In October 2024, LinkedIn was fined €310 million by the Irish Data Protection Commission (DPC) for GDPR breaches, and in August 2024, Uber was fined €290 million by the Dutch Data Protection Authority (DPA). Meta, Amazon, and TikTok were also fined in 2024 for breaches of GDPR.
GDPR legislation first came into effect in 2018 and was seen as a significant step forward in the data privacy rights of internet users. But there are a number of grey areas and loopholes companies can exploit, which pose a challenge to privacy rights.
Fines are evidently ineffective, as according to GDPR Enforcement Tracker, up to December 2024 there have been a total of 2,219 fines – totalling just over €5.5 billion (approximately $5.7 billion).
But what will it take for people's data privacy to be taken seriously? How high will fines go? What alternative deterrents are there?
It may be time for people to take matters into their own hands. Seek out companies and products that adopt better data practices and start being vocal about the issue of data privacy.
A lot of people won't know their data rights, so education is a must. Familiarising yourself with good data practice and what to look out for is essential for everyone using the internet. As well as this, highlighting what our data is being used for and how interconnected our online activity is will open people's eyes to a world that they may not have realised existed.
Privacy apathy is real
Every one of you will have been asked to "accept cookies," with almost every website on the internet using them to run their pages and track your browsing activity. We recommend declining and opting out of non-essential cookies and trackers wherever possible, but "privacy apathy" is real and many of us are simply burnt out when it comes to navigating the world of online data privacy.
With the sheer volume of things you have to look out for, digital noise burning you out is totally understandable – but it can lead to dangerous consequences.
Almost every app on your phone, tablet, or laptop can track you, and Facebook, Instagram, and YouTube all have privacy practices that could put your data at risk. 2024 research from data removal service Incogni analyzed and ranked the privacy of popular social media platforms. It assessed the apps' user friendliness, data collection, transgressions, transparency, and user control and consent.
All posed some degree of risk, but Reddit and Snapchat were the two lowest scoring – receiving privacy risk scores of 8.9 and 9.99 respectively (lower is better).
Facebook and Facebook Messenger were the worst performing, receiving scores of 18.98 and 16.51 respectively.
Some apps ranked significantly higher in some categories compared to others, which impacted their overall score. For example, Pinterest scored 10.49 overall, but 4.97 of that was data collection. Telegram was another example, scoring 10.93 overall but with 4.55 of that being user control and consent.
Invasive data privacy practices go beyond just social media apps and web pages; smart devices are incredibly data hungry – and may even be spying on you!
Smart devices are more popular than ever, with a reported average of 23 per household. The growing number of connected devices in our homes not only sees huge amounts of our personal data being collected, but also increases the threat of cyber attacks.
Research from consumer rights group Which? examined smart air fryers, smart watches, smart TVs, and smart speakers, and found all requested "risky" permissions for data access. The devices were stuffed with trackers and data was shared with third parties for advertising purposes.
What can you do to protect your data privacy right now?
The landscape of data privacy will not change overnight but there are steps you can take right now to bolster the privacy of your data.
You should always be aware of what permissions you have enabled and what you're consenting to. There are a number of features that can be turned off and de-selected, so take time to familiarize yourself with your device or app's privacy settings. As well as this, opt out of any optional or non-essential data collection – only share what is absolutely necessary.
They're not exactly page turners but, if you're able to, reading privacy policies is the best way of understanding how your data is collected and what it is used for.
There are ways of deleting recordings from smart devices and as long as it doesn't affect functionality, you should disable unnecessary cameras and microphones.
Using a VPN is an effective way of protecting your online privacy. VPNs hide your IP address and encrypt your internet traffic, so it can't be seen by third parties. Many VPNs come with adblockers and threat protection, either as standard or paid extras, so having these enabled is a must.
If you have an inter-connected home and want to protect all your devices, a router VPN could be a good option. These are VPNs installed directly onto your Wi-Fi router, protecting all your devices at the source.
Installing a VPN on a router isn't the simplest task, but the best router VPN, ExpressVPN, has firmware compatible with a number of routers. It also offers its own router, preloaded with ExpressVPN software, known as ExpressVPN Aircove.
There are also data removal services, such as Incogni, which send out data removal requests to data brokers who have records of your personal information. Data removal services can also be included in VPN plans. Surfshark One+ includes Incogni, and data removal is included as part of ExpressVPN's Identity Defender.
Privacy is a human right
Privacy, and data privacy, is a human right and we must continue to raise awareness of how our data is recorded, managed, and shared. Global companies thrive on collecting our data and fines will not deter them.
Taking action in the short term, by widening our data privacy knowledge, implementing good practices, and using tools such as VPNs and data removal services, will set us along the road of changing the data privacy landscape for the better.
George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.