The Siri Case raises new questions!
The discussions about the Siri app spontaneously activating and recording audio, with the collected information being shared with third parties, have brought the issue of personal data protection regulations back to the forefront. Cybersecurity expert Dr. Erdal Baş, who highlighted the legal regulations regarding the protection of personal data, stated that companies or individuals who obtain, use, or transfer personal data to third parties without complying with legal regulations may face sanctions.
Dr. Erdal Baş, who is an instructor in the Cybersecurity Master's Program at Üsküdar University's Graduate School of Sciences, evaluated the class action lawsuit filed against Apple, the U.S. tech giant, for allegedly violating users' privacy through its voice assistant technology "Siri." Apple has agreed to a settlement and will pay $95 million.
Apple agreed to pay, even though it did not accept the allegations!
Dr. Erdal Baş reminded that, according to publicly available information, the Apple Siri case was filed as a class action, and the agreement for a total payment of $95 million to eligible individuals is awaiting court approval. He explained that "According to the agreement, a payment of $20 per device is anticipated for up to 5 devices per person. The claims that formed the basis of the lawsuit were related to the fact that the Siri app sometimes activated spontaneously, recorded audio, collected this information, and shared it with third parties without obtaining users' consent. Apple, without accepting these allegations, stated that it reached the settlement to prevent the continuation of the legal process."
The importance of personal data security!
Referring to the legal regulations regarding the protection of personal data, Dr. Erdal Baş continued his remarks as follows: "Legal regulations concerning the protection of personal data generally state that personal data can only be collected with explicit consent, can be transferred to third parties, and stored. This data can only be used for the purpose for which it was obtained. Personal data cannot be collected beyond the specified purpose, and it can only be used in a limited scope and time frame. Once the purpose is achieved or the specified period has passed, personal data must be deleted, unless retention is legally required. Individuals have the right to withdraw consent previously given for the collection and storage of their data, request that their data be updated or deleted, or that it be anonymized to prevent personal identification."
People have the right to know which data is collected, stored, and used!
Dr. Baş also noted that companies or individuals who obtain, use, or transfer personal data to third parties without complying with legal regulations may face sanctions. He emphasized, "Individuals have the right to know which data is collected, stored, and used or if such processing is not happening. They can request corrections or updates to their personal data, withdraw previously given consent, and make similar requests. Individuals also have the right to contact the data controllers (the entities responsible for the data) to have these requests fulfilled. If these requests are not fulfilled within a specified period, they can file a complaint with the regulatory body (Personal Data Protection Authority)."
Individuals have the right to seek compensation for their damages
Dr. Erdal Baş also pointed out that violations of the rules regarding personal data protection could result in both criminal and administrative sanctions, including imprisonment and fines. He added, "In addition, individuals have the right to seek compensation for their damages, both material and immaterial, as stipulated in personal data protection regulations."
Prevention of unauthorized access to personal data
He concluded by saying, "To prevent unauthorized access to personal data, necessary precautions for electronic information security must be adhered to. In addition to taking precautions against harmful software, individuals should avoid sharing personal data unless necessary, especially when using the internet and social media."
Üsküdar News Agency (ÜNA)