IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Apple hit with privacy complaints over iPhone tracking tool

Apple's Identifier for Advertisers activates without consent and violates the EU's Cookie Law, say privacy campaigners

A privacy group has filed complaints against Apple over a tool in iOS 14 that allegedly tracks iPhone user behaviour without consent.  

The Noyb group, led by privacy campaigner Max Schrems, has filed complaints with the German and Spanish data protection authorities under the EU's Cookie Law

The group claims that Apple's Identifier for Advertisers (IDFA) activates when a user sets up an iPhone without offering a chance to consent or even notifying them of its existence. The IDFA is a type of code that stores online behavioural data. It acts as 'license plate' for each iPhone, that third-parties can use to target individuals with advertising.  

The complaint is based on Article 5(3) of the EU Cookie Law, or ePrivacy Directive, which allows both Spanish and German authorities to impose penalties on Apple without cooperation with the EU. 

The Cookie Law is an older legal act that was passed in 2002 to deal with cookies, data retention and unsolicited e-mailing. Although a directive and not regulation, the law is legally binding in all member states, much like GDPR, but it's open to some interpretation. 

Noyb has chosen this avenue of complaint to avoid GDPR and what it called its "endless procedures".

"As the complaint is based on Article 5(3) of the e-Privacy Directive and not the GDPR, the Spanish and German authorities can directly fine Apple, without the need for cooperation among EU Data Protection Authorities as under GDPR," the group says. 

Noyb is also involved in legal action against Facebook, which is GDPR-based. However, this is the first privacy complaint filed against Apple in the EU.

Apple has recently announced plans to change its IDFA system, restricting use for third-parties, but not for Apple itself, according to Noyb. 

"We believe that Apple violated the law before, now and after these changes," said Stefano Rossetti, Noyb's privacy lawyer.

"With our complaints, we want to enforce a simple principle: trackers are illegal unless a user freely consents. The IDFA should not only be restricted but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default." 

In a statement given to IT Pro, an Apple spokesperson slammed Nyob's accusations as "inaccurate" and said it "looks forward to making that clear to privacy regulators should they examine the complaint."

"Apple does not access or use the IDFA on a user’s device for any purpose. Our aim is always to protect the privacy of our users and our latest software release, iOS 14, is giving users even greater control over whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers," the spokesperson continued.

"Our practices comply with European law and support and advance the aims of the GDPR and the ePrivacy Directive, which is to give people full control over their data.”

There is a similar system used by Google, according to Noyb, which it is also looking into.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022