Apple hit with privacy complaints over iPhone tracking tool
Apple's Identifier for Advertisers activates without consent and violates the EU's Cookie Law, say privacy campaigners
A privacy group has filed complaints against Apple over a tool in iOS 14 that allegedly tracks iPhone user behaviour without consent.
The Noyb group, led by privacy campaigner Max Schrems, has filed complaints with the German and Spanish data protection authorities under the EU's Cookie Law.
The group claims that Apple's Identifier for Advertisers (IDFA) activates when a user sets up an iPhone without offering a chance to consent or even notifying them of its existence. The IDFA is a type of code that stores online behavioural data. It acts as 'license plate' for each iPhone, that third-parties can use to target individuals with advertising.
The complaint is based on Article 5(3) of the EU Cookie Law, or ePrivacy Directive, which allows both Spanish and German authorities to impose penalties on Apple without cooperation with the EU.
The Cookie Law is an older legal act that was passed in 2002 to deal with cookies, data retention and unsolicited e-mailing. Although a directive and not regulation, the law is legally binding in all member states, much like GDPR, but it's open to some interpretation.
Noyb has chosen this avenue of complaint to avoid GDPR and what it called its "endless procedures".
"As the complaint is based on Article 5(3) of the e-Privacy Directive and not the GDPR, the Spanish and German authorities can directly fine Apple, without the need for cooperation among EU Data Protection Authorities as under GDPR," the group says.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Noyb is also involved in legal action against Facebook, which is GDPR-based. However, this is the first privacy complaint filed against Apple in the EU.
Apple has recently announced plans to change its IDFA system, restricting use for third-parties, but not for Apple itself, according to Noyb.
"We believe that Apple violated the law before, now and after these changes," said Stefano Rossetti, Noyb's privacy lawyer.
"With our complaints, we want to enforce a simple principle: trackers are illegal unless a user freely consents. The IDFA should not only be restricted but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default."
In a statement given to IT Pro, an Apple spokesperson slammed Nyob's accusations as "inaccurate" and said it "looks forward to making that clear to privacy regulators should they examine the complaint."
"Apple does not access or use the IDFA on a user’s device for any purpose. Our aim is always to protect the privacy of our users and our latest software release, iOS 14, is giving users even greater control over whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers," the spokesperson continued.
"Our practices comply with European law and support and advance the aims of the GDPR and the ePrivacy Directive, which is to give people full control over their data.”
There is a similar system used by Google, according to Noyb, which it is also looking into.
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.