Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

France data protection authority hints Apple advertising may violate GDPR

Mike Peterson |

Credit: AppleInsider

France's data protection authority is scrutinizing whether Apple's first-party advertising practices comply with privacy regulations in the European Union.

In a note dated Dec. 17 and seen by Politico, the Commission on Informatics and Liberty (CNIL) gave an opinion to France's competition authority to inform a dispute between Apple and four organizations representing the French advertising ecosystem.

Specifically, the note suggests Apple's own targeted advertising practices for first-party platforms like the App Store and Apple News may run afoul of GDPR rules.

"Apple's advertising processing requires consent when it involves reading or writing data on the user's device. Apple's practices suggest a lack of consent collection," the CNIL advises.

The case that pitted Apple against the advertising organization centered on whether the company's upcoming App Tracking Transparency feature is anti-competitive. On March 17, CNIL and France's competition regulators both backed Apple's side in the case.

According to the internal CNIL document, signed by agency president Marie-Laure Denis, the privacy feature feature is in line with GDPR rules.

However, it appears that the CNIL believes Apple's own targeted advertising practices are another story. The internal CNIL note is worded carefully, since the group was only asked to inform and not investigate the case. It still hints that Apple could be on the wrong side of regulations.

More specifically, it suggests that Apple is not getting consent to collect user data. Apple, for its part, argues that it doesn't need to do so because it doesn't engage in tracking. The CNIL hints that Apple's definition of tracking may be too narrow.

If it's confirmed that Apple does need to collect consent, and that consent isn't properly collected, "the situation would be a major breach of regulations," the CNIL wrote.

According to Politico>, Apple provided a reply to the points raised by the CNIL in January. The content of Apple's response isn't currently known.

Currently, the CNIL is investigating the matter in the context of the aforementioned ATT complaint filed by French advertisers.

13 Comments

macseeker 8 Years · 541 comments
About

I think Apple's move in general complies with the European GDPR laws.  Seems like France has their head in a dark place and loving the smell.

Please tell me if I'm wrong.

reroll 11 Years · 60 comments
About

macseeker said:
I think Apple's move in general complies with the European GDPR laws.  Seems like France has their head in a dark place and loving the smell.

Please tell me if I'm wrong.
GDPR, just like CCPA, is ultimately about a consent for some data collection on specified purposes. I do not remember consenting to anything in that regard for Apple ads or related on my iPhone or Mac. So if they are indeed collecting data then they would breach regulations (or I forgot I gave my consent...). I would be very surprised this is the case, and from what I gathered from the article no one is saying Apple breached anything, there’s simply a commission doing its job and checking everything is compliant.

nadriel 5 Years · 92 comments
About

macseeker said:
I think Apple's move in general complies with the European GDPR laws.  Seems like France has their head in a dark place and loving the smell.

Please tell me if I'm wrong.

Seems that they do comply, but it’s always good to check that they actually do. This is standard practice for checking if company X follow regulation Y. It also gives company X legal ground that they’ve been checked and they have been proved to follow the regulation in question in case of a lawsuit.

There’s also the question on how either party defines tracking. But big part of GDPR is consent, and users understand what they consent to, if they do. But yeah this article doesn’t mean that there are any actual problems, it’s just Apple gets noted (and leaked to news) easier than the other hundred companies CNIL contacts.

ppietra 14 Years · 288 comments
About

If they end up saying that Apple is violating then basically that means that all apps need to get consent for any tracking they do inside themselves, which means that ATT is not doing enough since it only asks about tracking with third parties!
That would also beg the question of why haven’t the French authorities investigated this kind of things before since it is so flagrant that millions of apps actually read data from user devices in order to track! It has been on the news thousands of times.

But still we have to question why does Apple put itself in this place. It would have been so easy for them to avoid this kid of attack (one question during setup)... it is not like they need any kind of tracking in order to make enough money.

bestkeptsecret 13 Years · 4289 comments
About

I like the concept of GDPR. It's just a pity that all these websites that force you to say "Okay" to cookies are considered GDPR-compliant. 

Read More on our Forums ->
 

Sponsored Content

article thumbnail

How to stop spam calls and reclaim some sanity on your iPhone

Top Stories

article thumbnail

How Apple's smart home revolution begins in 2025

article thumbnail

AirPods Max four years later: a missed spatial computing opportunity

article thumbnail

Apple says EU interoperability laws pose severe privacy risks

article thumbnail

Don't believe what you see on TikTok - AirDrop doesn't allow thieves to steal your credit card info

article thumbnail

Holiday 2024 MacBook Buyer's Guide — Which Mac laptop you should buy?

article thumbnail

Holiday coupon: save up to $300 on every 14" & 16" MacBook Pro M4