Apple hit with privacy complaints over iPhone tracking tool
Apple's Identifier for Advertisers activates without consent and violates the EU's Cookie Law, say privacy campaigners
A privacy group has filed complaints against Apple over a tool in iOS 14 that allegedly tracks iPhone user behaviour without consent.
The group claims that Apple's Identifier for Advertisers (IDFA) activates when a user sets up an iPhone without offering a chance to consent or even notifying them of its existence. The IDFA is a type of code that stores online behavioural data. It acts as 'license plate' for each iPhone, that third-parties can use to target individuals with advertising.
The complaint is based on Article 5(3) of the EU Cookie Law, or ePrivacy Directive, which allows both Spanish and German authorities to impose penalties on Apple without cooperation with the EU.
The Cookie Law is an older legal act that was passed in 2002 to deal with cookies, data retention and unsolicited e-mailing. Although a directive and not regulation, the law is legally binding in all member states, much like GDPR, but it's open to some interpretation.
Noyb has chosen this avenue of complaint to avoid GDPR and what it called its "endless procedures".
"As the complaint is based on Article 5(3) of the e-Privacy Directive and not the GDPR, the Spanish and German authorities can directly fine Apple, without the need for cooperation among EU Data Protection Authorities as under GDPR," the group says.
Noyb is also involved in legal action against Facebook, which is GDPR-based. However, this is the first privacy complaint filed against Apple in the EU.
Apple has recently announced plans to change its IDFA system, restricting use for third-parties, but not for Apple itself, according to Noyb.
"We believe that Apple violated the law before, now and after these changes," said Stefano Rossetti, Noyb's privacy lawyer.
"With our complaints, we want to enforce a simple principle: trackers are illegal unless a user freely consents. The IDFA should not only be restricted but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default."
In a statement given to IT Pro, an Apple spokesperson slammed Nyob's accusations as "inaccurate" and said it "looks forward to making that clear to privacy regulators should they examine the complaint."
"Apple does not access or use the IDFA on a user’s device for any purpose. Our aim is always to protect the privacy of our users and our latest software release, iOS 14, is giving users even greater control over whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers," the spokesperson continued.
"Our practices comply with European law and support and advance the aims of the GDPR and the ePrivacy Directive, which is to give people full control over their data.”
There is a similar system used by Google, according to Noyb, which it is also looking into.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now