Apple has quietly rolled out a feature called Enhanced Visual Search, which uses AI to identify landmarks in photos stored on iOS and macOS devices. This feature was enabled by default, raising privacy concerns among users and experts.
In October 2024, Apple introduced Enhanced Visual Search with iOS 18.1 and macOS 15.1, allowing users to search photos by landmarks. The feature uses homomorphic encryption which is the ability to manipulate encrypted data without knowing the specifics of that data – to analyze images without revealing their content to Apple. However, the feature was activated without explicit user consent, and many users only recently became aware of it.
Software developer Jeff Johnson criticized Apple for not clearly communicating the feature's activation, stating, "Apple has taken the choice out of my hands and enabled the online service by default." Privacy expert Matthew Green expressed frustration over the lack of transparency, noting, "It’s very frustrating when you learn about a service two days before New Year's and find that it’s already been enabled on your phone."
Apple claims the use of homomorphic encryption and differential privacy, a technique that enables Apple to learn about the user community without learning about individuals in the community, ensures user data remains private. However, critics argue that the lack of an opt-in process undermines user autonomy. Michael Tsai, a software developer, pointed out that the feature uploads metadata even if users opt out of iCloud photo uploads, raising further privacy concerns.
Related: Is email metadata a risk to HIPAA compliance in email communications?
Organizations should conduct thorough privacy impact assessments and ensure transparency with users about data processing practices. Implementing clear opt-in mechanisms and providing detailed information about data handling can help maintain compliance with privacy regulations.
Read more: Using AI for HIPAA compliance
Organizations can prioritize user consent by making features opt-in rather than default. Providing clear communication and easy-to-access settings for disabling features can help address user concerns and build trust.
Organizations should adopt privacy-by-design principles, integrating privacy considerations into the development process. Regular audits and updates to privacy policies, along with user education, can help balance innovation with privacy protection.