Apple has been hit with a fine of €150 million ($162 million) by France’s competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework.
The Autorité de la concurrence said it’s imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25, 2023.
ATT, introduced by the iPhone maker with iOS 14.5, iPadOS 14.5, and tvOS 14.5, is a framework that requires mobile apps to seek users’ explicit consent in order to access their device’s unique advertising identifier (i.e., the Identifier for Advertisers or IDFA) and track them across apps and websites for purposes targeted advertising.
“Unless you receive permission from the user to enable tracking, the device’s advertising identifier value will be all zeros and you may not track them,” Apple notes on its website. “While you can display the AppTrackingTransparency prompt whenever you choose, the device’s advertising identifier value will only be returned once you present the prompt and the user grants permission.”
App developers, besides requesting for permission to track the users, are also required to state the purpose behind why such tracking is necessary in the first place.
“While the objective of the App Tracking Transparency (‘ATT’) framework is not at its core problematic, how ATT is implemented is neither necessary for nor proportionate with Apple’s stated objective of protecting personal data,” it said.
Describing ATT as “artificially complex,” the regulatory authority said the consent obtained via the framework does not meet the legal obligations required under the French Data Protection Act, requiring developers to use their own consent collection solutions. This, it added, leads to multiple consent pop-ups being displayed to users.
The Autorité also called out two kinds of asymmetry in how it’s implemented. One of them concerns the fact that consent for tracking must be confirmed by the users twice, whereas refusal is a one-step process — an aspect that it said undermines the “neutrality of the framework.”
“While publishers were required to obtain double consent from users for tracking on third-party sites and applications, Apple did not ask for consent from users of its own applications (until the implementation of iOS 15),” it pointed out. “Due to this asymmetry, the CNIL fined Apple for infringing Article 82 of the French Data Protection Act, which transposes the ePrivacy Directive.”
“The asymmetry remains today insofar as Apple has introduced a single ‘Personalized Advertising’ pop-up to collect user consent for its own data collection, while continuing to require double consent for third-party data collection by publishers.”
It’s worth noting that the order does not impose any specific changes to the framework. According to Reuters, it’s “up to the company to make sure it now complied with the ruling.” The fine is chump change for Apple, which earned a net income of $36.3 billion on revenues of $124.3 billion in the quarter ending December 28, 2024.
In a statement shared with the Associated Press, Cupertino said the ATT prompt is consistent for all developers, including itself, and that it has received “strong support” for the feature from consumers, privacy advocates, and data protection authorities globally.
About The Author
Original post here
