Two privacy complaints filed by Max Schrems campaign group draws robust response from Apple, which labels allegations as ‘factually inaccurate’
Apple has been stung by two complaints from Austrian privacy group Noyb, which filed complaints in Germany and Spain alleging Apple’s use of a tracking code on iPhones (called IDFA) breaches European law.
But Apple is not taking the allegations by Noyb lying down, and the firm which prides itself on its robust privacy stance in its marketing content, issued a robust response to the complaints.
The central thrust of the Noyb’s complaints concern Apple’s use of a tracking code, known as the Identifier for Advertisers (IDFA), which is automatically generated on every iPhone when it is set up.
This IDFA code is stored on every smartphone without user consent, and makes it possible to track a user’s online behaviour and consumption preferences.
This is highly valuable data for advertisers, and is one of the reasons why people tend to get start getting targetted adverts when they browse a particular item online.
“Apple places codes that are comparable to a cookie in its phones without any consent by the user. This is a clear breach of European Union privacy laws,” Noyb lawyer Stefano Rossetti was quoted by Reuters as saying.
Rossetti referred to the EU’s e-Privacy Directive, which requires a user’s consent before installation and using such information.
Noyb reportedly said its claims were based on the 2002 e-Privacy Directive that allows national watchdogs to impose fines autonomously, avoiding lengthy proceedings it faced in its case against Facebook that was based on the EU’s General Data Protection Regulation (GDPR).
The GDPR regime launched in 2018 included a mandatory cooperation mechanism among national authorities, but Noyb alleges that this has slowed progress.
Rossetti said the action aimed to establish a clear principle that “tracking must be the exception, not the rule”.
But it took the decision to delay this change to early 2021 after warnings over the impact it could have on Facebook and other mobile advertisers.
And according to Reuters, Noyb’s Rosetti doesn’t think this feature would make a difference.
“It’s not clear, for example, if the tracker will still be created and then some sort of technical mechanism will hinder third parties from accessing it,” he said. “And what about Apple? Will the company access the tracker? Again it’s not clear.”
“In a sense, it does not concern this action because … our point is that the tracker should not be created/installed in the first place (at least without the user’s informed and freely given consent).”
Noyb said its complaints weren’t based on GDPR, which means that the Spanish and German regulators can fine Apple directly without having to cooperate with other data protection authorities in the bloc under GDPR rules.
But Apple has directly rebutted the claims filed by Noyb, saying they were “factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint”.
Apple also said it “does not access or use the IDFA on a user’s device for any purpose”.
According to Reuters, Apple said its aim was to protect the privacy of its users and that the latest release of its iOS 14 operating system gave users greater control over whether apps could link with third parties for the purposes of targeted advertising.
“Our practices comply with European law and support and advance the aims of the GDPR and the ePrivacy Directive, which is to give people full control over their data,” Apple reportedly said.