Apple is considered more respectful of privacy than some of its rivals, but complaints have been filed in Spain and Germany that demands the US manufacturer stops tracking the online behavior of users without their consent. The complaints were filed by Max Schrems’ noyb group, which has scored several important victories in cases involving American tech companies and European privacy law. This case focuses on the use of Apple’s identifier for advertisers (IDFA), which noyb argues is equivalent to a cookie in the way it tracks what a user is doing across the internet. Users are neither made aware of IDFA, nor do they currently have any opportunity to switch off the tracking technology.
Stefano Rossetti, a noyb spokesperson and privacy lawyer said:
EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used. While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws.
The IDFA code is used by advertisers to target users. Apple is understood to be working on giving users the option to decide if third parties can have access to their IDFA, but noyb argues EU rules would continue to be broken because Apple would still have the ability to use IDFA. Previous cases reviewed by the EU’s top court, the Court of Justice for the European Union (CJEU), have firmly applied the principle that users must give explicit consent before non-essential tracking can begin.
A statement given by Apple to TechCrunch says noyb’s case is “factually inaccurate” and that “Apple does not access or use the IDFA on a user’s device for any purpose”. The mind boggles at how any regulator or court could determine the truth of a statement that effectively admits tracking has been made technologically possible but claims the technology is not actually being used by the business which developed it. You can read the TechCrunch article here.
If proven correct, Apple will have violated the European Union’s e-Privacy Directive. These rules predate the adoption of GDPR and mean that each national authority in the EU can levy fines on Apple without needing to involve other authorities in the process. The adoption of GDPR has generated plenty of headlines that suggest the privacy of Europeans is being protected but this often comes from lazy journalists who will report on the instigation of a case but never mention the painfully slow progress towards any enforcement action. noyb is hoping that identifying a violation of the e-Privacy Directive will lead to more rapid curtailment of Apple’s tracking technology.
You can read noyb’s statement here.