One of the more controversial elements of Apple’s Application Tracking Transparency (ATT) framework concerns the exceptions the company makes for a variety of its own pre-installed apps. A complaint filed by an industry lobby group and a subsequent investigation led the rapporteur for France’s main data protection agency (CNIL) to recommend a six million euro fine for breaching the Union’s ePrivacy Directive European due to privacy violations.
Unlike fines imposed due to violations of the General Data Protection Regulation (GDPR), an ePrivacy action can be taken directly by the CNIL without the involvement of other nations. The rapporteur’s decision is not binding, but it generally carries significant weight in the CNIL’s final decision.
Privacy Violations Related to the Structure of iOS 14
The April 2021 iOS 14.5 release was the first to implement Apple’s ATT framework, which requires third-party app developers to present end users with a standard notification of any targeted ad tracking and seek their consent. The function of the app should not be reduced in any way if the user opts out, which has raised concerns for the advertising industry and app developers who depend on it for their income.
Critics were quick to point out that Apple excluded a number of its own apps from this requirement, even though they collected data used for targeted advertising (such as News and the App Store). Apple’s argument is that since this information is kept within its own ecosystem and not shared with third parties, the ATT rules do not apply.
Apple has since added consent notifications starting with iOS 15 (released September 2021), but it may have violated the ePrivacy directive before that. The directive requires notification and affirmative prior consent to the collection of personal data to avoid privacy breaches, even if only for first-party use.
Rapporteur François Pellegrini’s recommendation follows a CNIL investigation that was triggered by a complaint from tech industry lobbying group France Digitale, filed in 2021. The lobbying group represents many European startups and entrepreneurial companies as well than big names, such as Oracle and WeWork.
Apple is challenging the decision, but apparently not on the grounds that privacy breaches occurred. Privacy chief Gary Davis instead argued that there was not “seriousness enough in the breach” to merit the fine and said Apple would push for it. a lower amount. The CNIL does not have a specific timeframe for making a decision, but tends to be among the fastest agencies in Europe to make decisions and will not be bogged down by the usual GDPR process that would have required input from nations. of the whole block.
Apple ties its fortunes to device privacy, but continues to run into regulatory issues in Europe
The introduction of the ATT framework was meant to signal a shift in focus from Apple, pushing its company to focus on marketing on premium hardware and preventing privacy breaches rather than accommodating third-party advertisers. . However, the company continues to tangle with European regulators over a variety of issues, including antitrust concerns related to terms Apple sets for developers who sell through its app store.
Apple has just been fined a whopping 1.1 billion euros by the French antitrust regulator, although the amount was reduced to 372 million euros on appeal. This decision was not for privacy violations, but for a price-fixing charge implicating Apple and several distributors conspiring to fix the prices of the devices. It has also paid much lower fines in the past for other antitrust violations and a charge that it intentionally throttled older iPhone models to trick customers into buying new ones.
Apple faces ongoing antitrust scrutiny of its various policies for third-party developers selling through the App Store, though the incorporation of user privacy violations into such claims is a relatively recent development. Apple has been battling with Spotify and other app developers for longer over the mandatory fee of up to 30% it charges on transactions, with the developers claiming Apple has monopoly power given that it doesn’t There are only two real app market options.
Europe is not his only source of trouble; Apple was also the subject of a class-action lawsuit for breach of privacy, under California law requirements that prevent the collection of browsing and internet activity information without proper consent. Apple devices have an “Allow apps to request tracking” setting that allegedly prevents this collection when disabled, but the lawsuit argues that many first-party apps (such as the App Store and Stocks) continue to record these. information even when tracking is not permitted. by the user. The information collected includes where users tap the screen, what they search for in Apple apps, and which advertisements they have previously viewed, among other things.
0 Comments