France's data protection authority is scrutinizing whether Apple's first-party advertising practices comply with privacy regulations in the European Union.
In a note dated Dec. 17 and seen by Politico, the Commission on Informatics and Liberty (CNIL) gave an opinion to France's competition authority to inform a dispute between Apple and four organizations representing the French advertising ecosystem.
"Apple's advertising processing requires consent when it involves reading or writing data on the user's device. Apple's practices suggest a lack of consent collection," the CNIL advises.
The case that pitted Apple against the advertising organization centered on whether the company's upcoming App Tracking Transparency feature is anti-competitive. On March 17, CNIL and France's competition regulators both backed Apple's side in the case.
According to the internal CNIL document, signed by agency president Marie-Laure Denis, the privacy feature feature is in line with GDPR rules.
However, it appears that the CNIL believes Apple's own targeted advertising practices are another story. The internal CNIL note is worded carefully, since the group was only asked to inform and not investigate the case. It still hints that Apple could be on the wrong side of regulations.
More specifically, it suggests that Apple is not getting consent to collect user data. Apple, for its part, argues that it doesn't need to do so because it doesn't engage in tracking. The CNIL hints that Apple's definition of tracking may be too narrow.
If it's confirmed that Apple does need to collect consent, and that consent isn't properly collected, "the situation would be a major breach of regulations," the CNIL wrote.
According to Politico>, Apple provided a reply to the points raised by the CNIL in January. The content of Apple's response isn't currently known.
Currently, the CNIL is investigating the matter in the context of the aforementioned ATT complaint filed by French advertisers.