European regulators have been zeroing in on potentially nefarious anti-privacy practices from tech platforms on numerous fronts. And the latest battlefield is audio.

Over the last few months, there has been a flurry of activity from regulators in Europe and the U.S. investigating how platforms store, handle and use audio data. The stakes are high: Breaching privacy laws like the General Data Protection Regulation means painful fines of up to €20 million ($22 million) or 4% of annual global turnover, whichever is greater.

In the latest in a string of probes, the German data watchdog revealed Aug. 26, it’s opened an investigation into Facebook for how the tech company handles audio data. While specific probes from single-country data protection authorities are a step in the right direction, privacy activists want a more unified approach from European regulators.

According to agency sources, temporarily prohibiting the way a tech platform handles audio data won’t have a huge impact on the company’s revenues. But a platform’s ability to monetize audio through data collection in the future could be thwarted. Here are some things to know:

The high-profile cases so far

Aug. 26: German data protection authority, The Hamburg Commissioner for Data Protection and Freedom of Information, announced an open investigation into how Facebook uses humans to listen to Messenger audio recordings in order to improve its transcript function. The data watchdog is awaiting responses from Facebook.

Aug. 1: Google also under investigation by Hamburg’s data protection authority for the same reason as Facebook. The data watchdog ordered that Google stop transcribing audio data for three months, starting Aug. 1.

Ongoing: Apple, Amazon and Microsoft also use human reviewing to improve their speech assistants. The Irish Data Protection Commission is in talks with Apple, Amazon and Microsoft. but it currently hasn’t opened investigations.

Aug. 2: Apple announced it’s halted human reviewing Siri commands following a report several weeks earlier unearthing the practice. It was these reports that amped up media attention, particularly whistleblowers from the companies speaking out about their concerns around employees sharing recordings that were “amusing.”

Aug. 2: Amazon announced that people can now turn off humans reviewing Amazon Alexa recordings.

Regulators’ major concerns

The issue isn’t so much that platforms denied these devices were listening, said Charlie Yeates, commercial trading, partner, MediaCom London, but that they weren’t clear on how much they were recording and what they planned to do with it. Storing audio snippets requires valid user consent under GDPR, but almost all users aren’t aware of how they were being used.

Also, some of these recordings are triggered by mistake when devices misinterpret so-called “wake-words” — for instance saying “Hey Google” to trigger the device to listen — adding another layer of people hearing potentially sensitive conversations.

“This is just another case of the tech platforms taking advantage of their terms and conditions requirements and vision to build out their own data and ad platforms,” said Yeates. After all, it is the in-home speaker market that has the most potential for growth as they’re present in consumer conversations for so much, including utilities, security, TV subscriptions and household goods, he added.

Platform repercussions

The impact on the platforms, presuming they avoid fines, is pretty minimal for now. But companies have been steadily harvesting data for future advertising purposes, potentially a more robust self-service ad platform, subject to GDPR approval, said Yeates.

But for now, advertising on smart speakers is nascent: GroupM UK, for instance, has yet to place a single buy. But smart speakers have the potential to be a lucrative market. According to Google, 62% of the people who use smart speakers regularly are likely to purchase products through them. Emarketer predicts 38 million people in the U.S. will buy an item through smart speakers in 2021, up from 31 million in 2019.

People affected

Any mishandling of personal data doesn’t reflect well on the companies involved, but these recent cases against human reviewers look to have affected a relatively small number of people. Google has previously said that language experts only review around 0.2% of all its audio snippets.

According to information provided by Facebook to the Irish Data Protection Commission, the number of people affected by human reviews of Facebook Messenger voicemails in Europe in recent months is only 48. Data watchdogs have assumed this is because media attention prompted Facebook to put the kibosh on human reviewing.



“Nevertheless, the process marks an extremely disturbing trend toward human surveillance of individual communication by service providers, which affects highly personal areas and massively encroaches on the rights and freedoms of those affected,” said Johannes Caspar, the Hamburg Commissioner for Data Protection and Freedom of Information.

Next steps

Typically, governments tend to start turning the screw once the companies in question have fallen short in addressing claims or self-regulation, but it’s still not far enough, according to privacy activist group Privacy International.

“We have yet to see companies actually willing to engage on this issue and appropriately respond to the legitimate concerns of their customers,” said Eva Blum-Dumontet, a researcher at Privacy International, which sent an open letter to Amazon CEO Jeff Bezos in April.

“Hamburg’s data protection authority’s probing is a step in the right direction, but we need a more unified response from European data protection authorities,” said Blum-Dumontet. She pointed to the U.K.’s Department of Health which has signed a deal with Amazon for health advice to be delivered by Alexa as an example of areas that could lead to more privacy troubles.

“This is something we find extremely worrying,” she said.