Max Schrems’ group alleges that Apple tracks users without their consent
Last Updated: Nov. 17, 2020 By Jack Denton
Apple previously said that it would tighten its own rules around third-party data usage. ALASTAIR PIKE/AGENCE FRANCE-PRESSE/GETTY IMAGES
Apple faces two strategic privacy complaints in Europe by Max Schrems, a digital activist who has successfully taken on Facebook’s user data practices.
Schrems’ Vienna-based nonprofit Noyb (as in “none of your business”) filed privacy complaints with German and Spanish regulators, alleging that Apple AAPL, +0.87% tracks users without their consent, in violation of European Union law.
The complaints focus on Apple’s Identifier for Advertisers (IDFA), a unique tracking code generated by each iPhone that allows Apple, app developers, and advertisers to track and target ads.
Noyb alleges that the default inclusion of IDFAs on iPhones is in breach of the EU’s 2011 “Cookie Law,” which requires informed and unambiguous consent from users to store their data.
Plus: Google, Facebook and Apple in the crosshairs as lawmakers agree on EU intervention in Big Tech
An IDFA “allows Apple and all apps on the phone to track a user and combine information about online and mobile behavior,” Noyb said in a statement. “Apple places these tracking codes without the knowledge or agreement of the users.”
The two complaints were made through the EU’s e-privacy directive, and not the sweeping General Data Protection Regulation (GDPR), which means that German and Spanish regulators can fine Facebook without cooperating with the bloc’s authorities.
“EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used,” said Stefano Rossetti, a privacy lawyer with Noyb.
Schrems is a high-profile activist who has successfully taken on Facebook FB, +0.72% for transferring Europeans’ data to the U.S. He has argued that, given the revelations of government surveillance made public by whistleblower Edward Snowden, the U.S. doesn’t provide sufficient protection for user data.
In 2015, his complaint to authorities in Ireland — Facebook’s base in Europe — led to the invalidation of the Safe Harbour agreement, which governed trans-Atlantic data storage. Earlier this year, following another complaint from Schrems, the highest court in the EU ruled that Safe Harbour’s successor, the U.S.-EU Privacy Shield, doesn’t adequately protect user data.
Also: Google is being targeted by these tech companies urging regulators to take action against its ‘clear abuse of dominance’
Apple previously said that it would tighten its own rules around third-party data usage, requiring apps to ask users’ permission to opt-in to IDFA tracking, in the latest software update, iOS 14. However, the company backpedaled on the idea in September, delaying the changes until early next year to give developers more time to make adjustments.
Noyb’s position is that Apple’s proposed changes aren’t enough to satisfy EU privacy requirements. “These changes seem to restrict the use of the IDFA for third parties (but not for Apple itself),” the group said. “However, the initial storage of the IDFA and Apple’s use of it will still be done without the users’ consent and therefore in breach of EU law.”
“The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default,” Rossetti said.
MarketWatch reached out to Apple for comment.
Apple previously said that it would tighten its own rules around third-party data usage. ALASTAIR PIKE/AGENCE FRANCE-PRESSE/GETTY IMAGES
Apple faces two strategic privacy complaints in Europe by Max Schrems, a digital activist who has successfully taken on Facebook’s user data practices.
Schrems’ Vienna-based nonprofit Noyb (as in “none of your business”) filed privacy complaints with German and Spanish regulators, alleging that Apple AAPL, +0.87% tracks users without their consent, in violation of European Union law.
The complaints focus on Apple’s Identifier for Advertisers (IDFA), a unique tracking code generated by each iPhone that allows Apple, app developers, and advertisers to track and target ads.
Noyb alleges that the default inclusion of IDFAs on iPhones is in breach of the EU’s 2011 “Cookie Law,” which requires informed and unambiguous consent from users to store their data.
Plus: Google, Facebook and Apple in the crosshairs as lawmakers agree on EU intervention in Big Tech
An IDFA “allows Apple and all apps on the phone to track a user and combine information about online and mobile behavior,” Noyb said in a statement. “Apple places these tracking codes without the knowledge or agreement of the users.”
The two complaints were made through the EU’s e-privacy directive, and not the sweeping General Data Protection Regulation (GDPR), which means that German and Spanish regulators can fine Facebook without cooperating with the bloc’s authorities.
“EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used,” said Stefano Rossetti, a privacy lawyer with Noyb.
Schrems is a high-profile activist who has successfully taken on Facebook FB, +0.72% for transferring Europeans’ data to the U.S. He has argued that, given the revelations of government surveillance made public by whistleblower Edward Snowden, the U.S. doesn’t provide sufficient protection for user data.
In 2015, his complaint to authorities in Ireland — Facebook’s base in Europe — led to the invalidation of the Safe Harbour agreement, which governed trans-Atlantic data storage. Earlier this year, following another complaint from Schrems, the highest court in the EU ruled that Safe Harbour’s successor, the U.S.-EU Privacy Shield, doesn’t adequately protect user data.
Also: Google is being targeted by these tech companies urging regulators to take action against its ‘clear abuse of dominance’
Apple previously said that it would tighten its own rules around third-party data usage, requiring apps to ask users’ permission to opt-in to IDFA tracking, in the latest software update, iOS 14. However, the company backpedaled on the idea in September, delaying the changes until early next year to give developers more time to make adjustments.
Noyb’s position is that Apple’s proposed changes aren’t enough to satisfy EU privacy requirements. “These changes seem to restrict the use of the IDFA for third parties (but not for Apple itself),” the group said. “However, the initial storage of the IDFA and Apple’s use of it will still be done without the users’ consent and therefore in breach of EU law.”
“The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default,” Rossetti said.
MarketWatch reached out to Apple for comment.
No comments:
Post a Comment