Apple to face Irish led probe in privacy sweep

Irish Data Protection Commissioner Helen Dixon

Adrian Weckler

The Irish Data Protection Commissioner, Helen Dixon, is to "scope" a privacy audit of Apple in relation to a "very specific risk" that Apple device users are said to face.

"We've identified a very specific risk," said Ms Dixon. "This is something substantive that we want to look into. It's a type of area for audit that will affect lots of data subjects and probably any data subject that uses Apple devices in particular."

Ms Dixon declined to give more details about the upcoming probe, as her office has not yet commenced detailed discussions with Apple on the subject. She said that it is due to begin in the autumn.

However, understands that the issue relates to Apple's 'AppleCare' IT support system. The Irish regulator is set to probe whether data accessed by Apple during the enquiry process meets with European standards.

Ms Dixon said that the issue arose after receiving notice from another European data protection regulator.

“The Office has recently received a number of related individual complaints from the Bavarian data protection authority that concern an aspect of personal data processing by Apple,” she said.

“Due to the nature of the issues which could affect many users, it is intended this Office will scope a number of questions arising from the complaints for audit and inspection with Apple. It may be the case that when the scoping and any arising audit and inspection are completed, no substantive issues or contraventions will be identified or, equally, it may be the case that the DPC will seek to make recommendations for compliance with the Data Protection Acts.

"It is not possible at this point, as the scoping has not yet occurred, to draw any conclusions as to what the outcome in this matter will be.”

However, she said that the Irish Data Protection Authority is currently investigating another software giant, Adobe, in relation to its 'Digital Editions' ebook product.

In a wide-ranging interview with the Irish Independent, Ms Dixon also said her office has battled "misapprehensions" abroad that Irish data protection implementation was more lax than in other European countries. She again rebutted claims that the Irish state was "deliberately not investing in data protection and was more interested in multinationals and jobs".

"We have countered the misapprehension that somehow we took data privacy less seriously or that we weren't as professional as an office," she said.

Ms Dixon also said that she hopes her office will have 120 personnel by 2018, a four-fold increase on its staffing levels two years ago.

She said that the unresolved status of data transfers between Europe and the US, brought about by the European Court Of Justice's dismissal of the 'Safe Harbour' agreement and by ongoing doubt over its 'Privacy Shield' successor, have left companies facing "uncertainty".

"It is a mess," said Ms Dixon. "There's an effort to try and square the circle of whether data flows can go between the EU and the US and we're not yet sure if that circle can be squared."

She said that European and American administrations would need to reach a "political" solution to the problem based on "trade-offs".

"Europeans have a fundamental right to have their data privacy protected.

"They also have rights to freedom of expression and consequent rights to access digital services. We won't be thanked if, ultimately, the result is a degradation of services in Europe or the pulling out of certain services in Europe."

Ms Dixon said that the Irish Data Protection Authority differed from other European data regulators, which engage with multinationals "from behind a wall".

"That approach serves no-one's interests, least of all the data subjects of Europe," she said. "In order to protect privacy rights in these novel and innovative scenarios, you have to understand what these companies are doing… We believe that our approach delivers."