Mike Peterson
France's data protection authority is scrutinizing whether Apple's first-party advertising practices comply with privacy regulations in the European Union.
In a note dated Dec. 17 and seen by Politico, the Commission on Informatics and Liberty (CNIL) gave an opinion to France's competition authority to inform a dispute between Apple and four organizations representing the French advertising ecosystem.
Specifically, the note suggests Apple's own targeted advertising practices for first-party platforms like the App Store and Apple News may run afoul of GDPR rules.
"Apple's advertising processing requires consent when it involves reading or writing data on the user's device. Apple's practices suggest a lack of consent collection," the CNIL advises.
The case that pitted Apple against the advertising organization centered on whether the company's upcoming App Tracking Transparency feature is anti-competitive. On March 17, CNIL and France's competition regulators both backed Apple's side in the case.
According to the internal CNIL document, signed by agency president Marie-Laure Denis, the privacy feature feature is in line with GDPR rules.
However, it appears that the CNIL believes Apple's own targeted advertising practices are another story. The internal CNIL note is worded carefully, since the group was only asked to inform and not investigate the case. It still hints that Apple could be on the wrong side of regulations.
More specifically, it suggests that Apple is not getting consent to collect user data. Apple, for its part, argues that it doesn't need to do so because it doesn't engage in tracking. The CNIL hints that Apple's definition of tracking may be too narrow.
If it's confirmed that Apple does need to collect consent, and that consent isn't properly collected, "the situation would be a major breach of regulations," the CNIL wrote.
According to Politico>, Apple provided a reply to the points raised by the CNIL in January. The content of Apple's response isn't currently known.
Currently, the CNIL is investigating the matter in the context of the aforementioned ATT complaint filed by French advertisers.
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
13 Comments
I think Apple's move in general complies with the European GDPR laws. Seems like France has their head in a dark place and loving the smell.
Please tell me if I'm wrong.
If they end up saying that Apple is violating then basically that means that all apps need to get consent for any tracking they do inside themselves, which means that ATT is not doing enough since it only asks about tracking with third parties!
That would also beg the question of why haven’t the French authorities investigated this kind of things before since it is so flagrant that millions of apps actually read data from user devices in order to track! It has been on the news thousands of times.
But still we have to question why does Apple put itself in this place. It would have been so easy for them to avoid this kid of attack (one question during setup)... it is not like they need any kind of tracking in order to make enough money.
I like the concept of GDPR. It's just a pity that all these websites that force you to say "Okay" to cookies are considered GDPR-compliant.