France data protection authority hints Apple advertising may violate GDPR
France's data protection authority is scrutinizing whether Apple's first-party advertising practices comply with privacy regulations in the European Union.
Credit: AppleInsider
In a note dated Dec. 17 and seen by Politico, the Commission on Informatics and Liberty (CNIL) gave an opinion to France's competition authority to inform a dispute between Apple and four organizations representing the French advertising ecosystem.
Specifically, the note suggests Apple's own targeted advertising practices for first-party platforms like the App Store and Apple News may run afoul of GDPR rules.
"Apple's advertising processing requires consent when it involves reading or writing data on the user's device. Apple's practices suggest a lack of consent collection," the CNIL advises.
The case that pitted Apple against the advertising organization centered on whether the company's upcoming App Tracking Transparency feature is anti-competitive. On March 17, CNIL and France's competition regulators both backed Apple's side in the case.
According to the internal CNIL document, signed by agency president Marie-Laure Denis, the privacy feature feature is in line with GDPR rules.
However, it appears that the CNIL believes Apple's own targeted advertising practices are another story. The internal CNIL note is worded carefully, since the group was only asked to inform and not investigate the case. It still hints that Apple could be on the wrong side of regulations.
More specifically, it suggests that Apple is not getting consent to collect user data. Apple, for its part, argues that it doesn't need to do so because it doesn't engage in tracking. The CNIL hints that Apple's definition of tracking may be too narrow.
If it's confirmed that Apple does need to collect consent, and that consent isn't properly collected, "the situation would be a major breach of regulations," the CNIL wrote.
According to Politico>, Apple provided a reply to the points raised by the CNIL in January. The content of Apple's response isn't currently known.
Currently, the CNIL is investigating the matter in the context of the aforementioned ATT complaint filed by French advertisers.
Credit: AppleInsider
In a note dated Dec. 17 and seen by Politico, the Commission on Informatics and Liberty (CNIL) gave an opinion to France's competition authority to inform a dispute between Apple and four organizations representing the French advertising ecosystem.
Specifically, the note suggests Apple's own targeted advertising practices for first-party platforms like the App Store and Apple News may run afoul of GDPR rules.
"Apple's advertising processing requires consent when it involves reading or writing data on the user's device. Apple's practices suggest a lack of consent collection," the CNIL advises.
The case that pitted Apple against the advertising organization centered on whether the company's upcoming App Tracking Transparency feature is anti-competitive. On March 17, CNIL and France's competition regulators both backed Apple's side in the case.
According to the internal CNIL document, signed by agency president Marie-Laure Denis, the privacy feature feature is in line with GDPR rules.
However, it appears that the CNIL believes Apple's own targeted advertising practices are another story. The internal CNIL note is worded carefully, since the group was only asked to inform and not investigate the case. It still hints that Apple could be on the wrong side of regulations.
More specifically, it suggests that Apple is not getting consent to collect user data. Apple, for its part, argues that it doesn't need to do so because it doesn't engage in tracking. The CNIL hints that Apple's definition of tracking may be too narrow.
If it's confirmed that Apple does need to collect consent, and that consent isn't properly collected, "the situation would be a major breach of regulations," the CNIL wrote.
According to Politico>, Apple provided a reply to the points raised by the CNIL in January. The content of Apple's response isn't currently known.
Currently, the CNIL is investigating the matter in the context of the aforementioned ATT complaint filed by French advertisers.
Comments
Please tell me if I'm wrong.
There’s also the question on how either party defines tracking. But big part of GDPR is consent, and users understand what they consent to, if they do. But yeah this article doesn’t mean that there are any actual problems, it’s just Apple gets noted (and leaked to news) easier than the other hundred companies CNIL contacts.
That would also beg the question of why haven’t the French authorities investigated this kind of things before since it is so flagrant that millions of apps actually read data from user devices in order to track! It has been on the news thousands of times.
But still we have to question why does Apple put itself in this place. It would have been so easy for them to avoid this kid of attack (one question during setup)... it is not like they need any kind of tracking in order to make enough money.
What I do not remember is when/where I provided consent? Is it when I install the OS, probably?
What is not readily apparent, is how I request my data or request to be forgotten, those provisions are part of GDPR.
Like others have said, regulations attempting to protect consumers are nice but the implementation is awfully annoying. I cannot visit a web site, without replying 2-3 alerts popping up, cookie policy, email sign up, etc.
Well, Google collects customer data whether the the customer wants to or not. Of course you will reply that Google is the Virgin Mary Immaculate as far as privacy is concerned, right?