Apple has put privacy at the center of its sales pitch to users, but an internal document from the French data protection supervisor suggests that the iPhone manufacturer's targeted advertising practices may be problematic.
According to the 13-page confidential note seen by POLITICO, France's CNIL data protection authority questioned Apple's compliance with EU privacy rules. Last week, the country's competition authority ruled in Apple's favor in a case over its new anti-tracking tool.
“Apple’s advertising processing requires consent when it involves reading or writing data on the user’s device,” CNIL wrote. “Apple’s practices indicate a lack of consent collection.”
The memorandum, dated December 17 and signed by CNIL President Marie-Laure Denis, is a statement given to the country's competition authority to inform a case that pits the US technology giant against four organizations representing the French electronic advertising ecosystem.
The organizations claimed that Apple's App Tracking Transparency, the new privacy feature the company plans to launch this spring, is anti-competitive. The feature will ask users for consent to be tracked online by third-party targeted ads.
On March 17, the competition authority supported Apple's App Tracking Transparency – and so did CNIL.
“The pop-up that the Apple company is proposing differs positively from some interfaces that do not comply with the regulations,” CNIL even wrote.
When it comes to Apple's own advertising platform, however, it's a different story. The American technology giant may be on the wrong side of EU privacy rules, the watchdog suggests. In early January, Apple provided an answer to the points CNIL raised.
CNIL’s wording is cautious because the regulator was only asked to inform a case, not to investigate it. But further down the line, the regulator’s assessment could have damning consequences for Apple, if confirmed in the context of a privacy complaint lodged in March by start-up lobby France Digitale.
The complaint, seen by POLITICO, claims that Apple violates EU privacy rules by not collecting the user’s consent to participate in targeted advertising.
Asked for comment, an Apple spokesman pointed to an earlier statement that said, “Privacy is embedded in the ads we sell on our platform. We adhere to a higher standard by allowing users to opt out of Apple’s limited first-party computer use. advertising, a feature that makes us unique.”
Consent is required, please
On the last pages of the note, CNIL considers whether Apple needs to collect consent to use personal data for its own advertising platform, which allows app developers to target users in App Store search results.
According to CNIL, the short answer is most likely yes.
The supervisory authority acknowledges that there are differences between privacy-friendly and data-hungry, intrusive business models, but claims that the law applies to everyone.
Apple believes that it does not need to collect users' consent to process personal information within its own advertising platform because it does not track users and because of the privacy-as-standard features on the devices, the CNIL note states.
However, CNIL suggests that Apple's definition of tracking may be too narrow, as it does not include reading or writing data on the terminal, meaning the use of trackers such as cookies. Every case of targeted advertising that CNIL has come across, the regulator claims, involves reading or writing data on the terminal, so it seems that Apple should in fact obtain consent.
And it seems that Apple does not, as personalized ads are enabled by default in iPhone settings, CNIL continues.
Because CNIL’s opinion was written to inform a case led by another authority, the regulator does not reach firm conclusions about potential privacy breaches. But, says the watchdog, if it is confirmed that Apple needs to collect consent, and that consent is not actually collected, “the situation would be a major violation of the regulations.”
The Norwegian Data Protection Authority is currently formally investigating the case in connection with France Digitale's complaint.
CNIL declined to comment.