A complaint has been made to a European privacy watchdog that Apple does not fully comply with its GDPR obligations.
The General Data Protection Regulation requires companies to supply, on request, a copy of all the data they hold on you. Having tested this with ten users, an Austrian non-profit organization said that Apple failed to supply a complete set of data …
GDPR is the world’s toughest privacy law, and places a number of obligations on companies which collect the personal data of European Union citizens. Four of the key ones are:
- There must be a specific, lawful reason to process the data
- Personal data must be encrypted
- You have a right to a copy of your data
- You can ask for your data to be deleted
Apple said that it planned to extend GDPR-standard protection to all its customers worldwide, not just EU citizens. In order to comply with bullet three above, it created the ability to submit an online request – which is also open to those in the US, Canada and some other non-EU countries.
Once you submit your request, it can take up to seven days for Apple to supply a link to download a copy of your data.
However, Reuters reports that non-profit organization noyb found the feature wanting.
Schrems said that some of the companies don’t even come close to handing over all the data they hold on individuals.
The action by noyb, chaired by data privacy activist Max Schrems, also named Netflix, Spotify and Youtube, after it tested them by requesting private data the companies hold about the user.
“No service fully complied,” noyb said in its statement.
Spotify reached out to us to say that it believes it is fully compliant.
The complaint comes at an awkward time for Apple, a day after Tim Cook called for ‘comprehensive federal privacy legislation‘ in the US. Cook made the call in an op-ed column in TIME Magazine.
Photo: Shutterstock
