Activists File Privacy Complaints Over Apple’s User Tracking Codes

Apple is considered more respectful of privacy than some of its rivals, but complaints have been filed in Spain and Germany that demands the US manufacturer stops tracking the online behavior of users without their consent. The complaints were filed by Max Schrems’ noyb group, which has scored several important victories in cases involving American tech companies and European privacy law. This case focuses on the use of Apple’s identifier for advertisers (IDFA), which noyb argues is equivalent to a cookie in the way it tracks what a user is doing across the internet. Users are neither made aware of IDFA, nor do they currently have any opportunity to switch off the tracking technology.

Stefano Rossetti, a noyb spokesperson and privacy lawyer said:

EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used. While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws.

The IDFA code is used by advertisers to target users. Apple is understood to be working on giving users the option to decide if third parties can have access to their IDFA, but noyb argues EU rules would continue to be broken because Apple would still have the ability to use IDFA. Previous cases reviewed by the EU’s top court, the Court of Justice for the European Union (CJEU), have firmly applied the principle that users must give explicit consent before non-essential tracking can begin.

A statement given by Apple to TechCrunch says noyb’s case is “factually inaccurate” and that “Apple does not access or use the IDFA on a user’s device for any purpose”. The mind boggles at how any regulator or court could determine the truth of a statement that effectively admits tracking has been made technologically possible but claims the technology is not actually being used by the business which developed it. You can read the TechCrunch article here.

If proven correct, Apple will have violated the European Union’s e-Privacy Directive. These rules predate the adoption of GDPR and mean that each national authority in the EU can levy fines on Apple without needing to involve other authorities in the process. The adoption of GDPR has generated plenty of headlines that suggest the privacy of Europeans is being protected but this often comes from lazy journalists who will report on the instigation of a case but never mention the painfully slow progress towards any enforcement action. noyb is hoping that identifying a violation of the e-Privacy Directive will lead to more rapid curtailment of Apple’s tracking technology.

You can read noyb’s statement here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.