I remember OneDrive doing this too, where photos of parents' children taking a bath etc. were flagged as child porn. Unfortunately unless you encrypt your data locally, privacy is one of the tradeoffs in using these services.
This happens with Apple iCloud as well. Staff member had their iCloud photo collection locked because of this. Was able to regain access but I would definitely caution anyone storing all family photos online without another backup option.
According to NCMEC Apple does not do any proactive scanning of photos.
> Last year, while Meta’s Facebook and Instagram submitted a combined 26 million reports, Google 2 million, and TikTok nearly 300,000, Apple submitted 234. The year before that: 160.
> Apple isn’t a social media company, so this is hardly a direct comparison. That said, WhatsApp, which is end-to-end encrypted, scans unencrypted content such as profile and group photos for CSAM. It provided over 1 million cybertips to NCMEC in 2022; Microsoft sent in 110,000; Dropbox, nearly 46,000; and Synchronoss, the cloud storage provider for Verizon, over 30,000.
I'd venture to say Apple probably has a "less false positives" policy than the others. I can't say whether or not they do or do not scan, but if they review incidents with humans and not automated this could be why. They probably know flagging / disabling / reporting accounts incorrectly has a high cost on user satisfaction.
They canceled their plans for client-side scanning. They do scan content on their servers. Therefore whether your data in iCloud Photos is scanned depends on whether Advanced Data Protection is enabled or not. It’s disabled by default. Enabling ADP will turn on E2E encryption and disable account access via iCloud.com.