Apple should be fined $6.4 million over iOS 14 privacy, says French advisor

Apple headquarters

AppleInsider may earn an affiliate commission on purchases made through links on our site.

An advisor to the French privacy authority says Apple should be fined six million euros, arguing that iOS 14 didn't meet EU privacy requirements.

The rapporteur, Francois Pellegrini, made the recommendation to the Commission nationale de l'informatique et des libertes (CNIL), after it investigated a complaint filed in 2021 by lobby group France Digitale.

France Digitale argued that when iOS 14 asked users whether or not they wanted third-party apps to track them, default settings let Apple carry out its ad campaigns without asking iPhone users for prior consent.

Pellegrini said the failure of Apple to ask users for consent properly in iOS 14.6 was a breach of privacy rules under the EU's ePrivacy directive. However, he added that changes made in iOS 15 allowed for prior authorization from the user.

Data privacy rules from the EU say that all companies must ask visitors online if they agree to have some of their data collected via trackers or other tools.

By default, App Tracking Transparency — added in iOS 14.5 — is turned off, which means that all new app tracking requests are automatically denied. But France Digitale alleged that the setting let Apple share the data it collects with affiliated companies without warning users.

At the hearing, Gary Davis, Apple's head of privacy, disagreed with Pellegrini's conclusions.

"The absence of any seriousness to the breach...means that the amount of the fine should be decreased," he said according to a report by Reuters on Monday. Davis also requested that the amount of any fine not be made public.

CNIL's sanction body is free to ignore the rapporteur's recommendations, but they do significantly influence the authority's final decision.

Other claims against Apple

A report from November 2022 also put Apple's privacy practices into question. Apple is allegedly able to identify a user in analytics it collects, according to security researchers, using a unique identifier that can be associated with a user's iCloud account.

The identifier is included in all analytics data the App Store sends to Apple, and other apps receive the same data. The researchers conclude that "your detailed behavior when browsing apps on the App Store is sent to Apple and contains the ID needed to link the data to you."

Apple has previously and publicly asserted that it isn't in the business of selling user data, and also explains how it uses data in its ad platforms in its privacy policy.