Apple, a company often lauded for its strict privacy policies, recently settled a lawsuit for $95 million over allegations that its voice assistant, Siri, recorded private conversations without users’ consent. The case, which spanned more than five years in the U.S. District Court in Oakland, California, highlights significant concerns around voice-activated technology and data privacy.
The lawsuit accused Apple of unlawfully enabling Siri to record conversations even when users had not triggered it with the command “Hey, Siri.” Some plaintiffs claimed they received targeted ads based on private discussions, raising concerns about how voice data was being processed and whether it was shared with third parties.
Although Apple denied any wrongdoing, the settlement allows eligible users who owned Siri-enabled devices between 17 September 2014 and 31 December 2024 to claim compensation. The payout may reach up to $20 per device, with a cap of five devices per individual. Despite being a fraction of Apple’s annual revenue, this case underscores the growing scrutiny tech companies face regarding data privacy.
Apple’s Response and Privacy Commitments
Apple has consistently positioned itself as a leader in consumer privacy, emphasising that it does not sell Siri data to advertisers or create marketing profiles based on user interactions. Following its 2019 report exposing similar concerns, Apple revised its Siri data processing methods, enabling users to opt-out of having their recordings stored for review.
In response to the lawsuit, Apple reiterated its privacy stance, stating that Siri only processes user requests with minimal data collection and does not retain audio recordings unless users explicitly opt-in. The company emphasised that real-time processing for certain features occurs on Apple’s servers, but data is used solely for enhancing Siri’s accuracy and not for marketing purposes.
The Broader Implications for Data Privacy
The Siri lawsuit is a reminder that even companies with strong privacy commitments must continuously assess and refine their data protection practices. As voice-activated technologies become more prevalent, businesses must ensure transparency and user control over data collection.
The case also highlights the importance of obtaining informed consent, particularly in three key categories of data collection:
• Zero-Party Data – Information that individuals willingly share, such as preferences, feedback, and purchase intentions. Since users voluntarily provide this data, it is highly valuable and fosters trust when handled responsibly.
• First-Party Data – Data directly collected by businesses through their platforms, such as browsing history, app interactions, and past purchases. While this data is generally reliable, companies must be transparent about its use and storage.
• Third-Party Data – Information sourced from external entities, often sold for advertising purposes. This type of data collection raises the greatest privacy concerns, as users may be unaware that their information is being shared or sold.
Apple’s $95 million settlement serves as a stark warning to businesses leveraging consumer data. Transparency, accountability, and user consent must be at the forefront of data collection strategies.
To maintain consumer trust, organisations should implement privacy-by-design principles, conduct regular audits, and provide clear opt-in and opt-out options. As regulatory scrutiny on data privacy intensifies, companies must proactively adapt their policies to align with evolving expectations and legal standards. Notably, Apple’s case is not isolated. A similar lawsuit involving Google’s Voice Assistant is currently pending in a San Jose, California Federal Court.
Consumers expect fair and transparent collection and handling of their personal data and anything less than this will affect an organisations’ bottom line.
HewardMills’ team of data protection experts is well-equipped to support organisations navigating these challenges. From compliance advisory to outsourced Data Protection Officer services, we help businesses build robust privacy frameworks that protect user data and uphold trust in the digital economy.
