Apple store in the mall in Ireland showing privacy complaint

New Privacy Complaint Against Apple Alleges iOS 14 Does Not Meet EU Privacy Requirements

France Digitale, a tech industry lobbying organization with a focus on startup companies, has filed a complaint against Apple with the country’s data privacy watchdog CNIL. The privacy complaint focuses on Apple’s privacy changes to iOS 14, which created new consent and notification requirements for app publishers. France Digitale argues that Apple’s refusal to apply the same standards to itself constitutes a breach of EU regulations as users of pre-installed iOS apps are subject to first-party targeted advertising without ever being asked for consent.

The privacy complaint is significant as France Digitale is one of France’s largest lobbying organizations, representing over 2,000 companies that include most of the country’s venture capital firms and heavyweight entrepreneurs. It follows similar allegations that were brought by some of France’s largest organized advertising lobbies in late 2020.

New French privacy complaint continues assault on iOS 14 privacy changes

France Digitale has reportedly filed a seven-page privacy complaint centered on Apple’s default settings and internal targeted advertising system.

Apple currently requires all third party app publishers to include a privacy “nutrition label” that outlines the personal data that is being accessed, and soon will require any apps that make use of ad tracking to first obtain affirmative consent from the user via a stock notification. Members of the advertising industry are expecting this to reduce revenue from Apple device users by a substantial margin.

Apple does not hold itself to quite the same exacting standards. While it has committed to publishing its own privacy labels for its apps, these must be sought out on the app’s web page if it is something that comes preloaded on a device. The tech giant has yet to indicate that it plans to obtain affirmative consent from its app users when their data is being accessed for its own first party Apple Search Ads network.

France Digitale notes that there is no real opt-in or opt-out option that is actively presented to end users regarding Apple Search Ads; Apple device users are roped into it by default. The lobbying agency points to EU data privacy rules established under the General Data Protection Regulation (GDPR) that require all publishers to ask website and app users if they consent to have their data used for tracking purposes, as well as informing them of their rights to view and access any data that is collected.

The proposed solution, echoed by the digital rights activist group Noyb in its own privacy complaints that have been lodged in Spain and Germany, is to require consent for any use of the unique Identifier for Advisers (IDFA) assigned to every Apple device. The privacy complaints suggest that Apple should be just as subject to this rule as anyone else.

While Apple does offer the ability to completely disable the IDFA, including for use by its own services, it is on by default and this option must be changed by going into the settings menu. This option has existed for several iterations of iOS now, but surveys show that only about 50% of Apple device users ever turn off the IDFA.

The privacy complaint is very unlikely to be resolved quickly. While it has been initially referred to France’s CNIL, it will have to move to Ireland’s Data Protection Commission at some point due to Cork being home to Apple’s EU headquarters. The Irish commission has developed a backlog of cases involving the major tech companies, along with a reputation for taking its time in processing them. The only alternative, an outside possibility, is that CNIL rules that Apple has violated the EU’s ePrivacy Directive rather than the GDPR. That would keep the case in CNIL’s hands, something that was done recently in cases involving Amazon and Google’s use of tracking cookies.

If the privacy complaint were to take hold, it could force Apple to disable the IDFA by default when it ships its devices. Apple’s initial statements indicate that it plans to vigorously contest the complaint, however. It called the allegations “patently false” and “a poor attempt by those who track users to distract from their own actions.”

Lobbying agency points to EU data #privacy rules established under the #GDPR that require all publishers to ask for consent for #usertracking. #respectdata Click to Tweet

Other privacy complaints and investigations

Apple was already facing some trouble of this nature prior to the complaint. A freshly-launched antitrust investigation by the UK’s Competition and Markets Authority joins a probe being conducted by the United States Department of Justice into Apple’s app store practices. Prior to the release of iOS 14 and the new privacy changes, Apple had been facing scrutiny over its policy of charging app developers 30% of each sale made through its app store. Developers argue that Apple’s market share and “walled garden” approach to its devices constitute unfair terms. A spokesperson for France Digitale claimed that small startups and individual entrepreneurs face a more rigorous level of scrutiny from regulators than Apple does.

 

Senior Correspondent at CPO Magazine