Privacy watchdogs in Europe are looking into a complaint filed by Ashley Gjvik, a former Apple employee, who claims the corporation sacked her after she voiced a variety of concerns, both internally and publicly, including about workplace safety. Gjvik, a former Apple senior engineering program manager, was sacked in September after raising concerns about the company’s attitude to employee privacy, some of which were covered by The Verge in an August 2021 piece.
Apple had put Gjvik on administrative leave at the time after he raised issues about sexism in the workplace, as well as a hostile and hazardous working environment, which it stated it was looking into. She then filed complaints with the National Labor Relations Board in the United States. Gjvik says she wants international oversight of Apple’s privacy practices after it formally told the US government its reasons for firing her — and “felt comfortable admitting they’d fire employees for protesting invasions of privacy,” as she puts it — accusing Apple of using her concerns about its approach to employee privacy as a pretext to terminate her for reporting wider infringements of privacy.
The Information Commissioner’s Office (ICO) in the United Kingdom and the CNIL in France both verified that Gjvik’s privacy complaint against Apple had been received. “We are aware of this situation and will analyze the material presented,” an ICO spokeswoman told TechCrunch.
The CNIL in France has also confirmed that it is investigating Gjvik’s allegation. “This complaint has been received and is presently being examined,” a CNIL spokeswoman said, adding, “I cannot provide any additional specifics at this moment.” The Telegraph was the first to report on the event, reporting that it is believed to be the first time Gjvik has attempted to pursue her privacy suit against Apple in the United Kingdom.
Apple’s main data protection regulator in the European Union for the pan-EU General Data Protection Regulation (GDPR) — and which, under the regulation’s one-stop-shop mechanism, would likely take the lead on any investigation related to a GDPR complaint that’s also been lodged with other EU privacy regulators (such as France’s CNIL) — has declined to comment. Gjvik’s allegation was not confirmed or denied by the DPC. “The DPC cannot comment on specific instances,” a representative for the DPC stated. Where appropriate, all inquiries that come before the DPC are examined and processed in accordance with the DPC’s complaint-handling duties.”
A number of GDPR investigations into Apple data processing methods — including the company’s privacy rules — are continuing in Ireland, but the DPC has yet to make a judgement in connection to those multi-year inquiries. Given the Irish regulator’s large GDPR case file backlog, if the DPC decides to begin a new investigation into Apple, it would likely take years to reach a public conclusion. Gjvik urges regulators to “investigate the matters I raised and open a larger investigation into these topics within Apple’s corporate offices globally,” adding that “Apple claims that human rights do not differ based on geographic location, yet Apple admits that the French and German governments would never allow it to do what it is doing in Cupertino, California and elsewhere.”
