Internal document suggests Apple could fall foul of regulators in France

“Apple’s practices suggest a lack of consent collection.”

What you need to know

  • French regulators may find that changes made to tracking in iOS 14 were unfair because they don’t apply to Apple.
  • That’s according to an internal document seen by Politico.
  • The CNIL reportedly believes Apple should have to ask users for consent too, something which may come to light as an investigation in the country unfolds.

A new internal document suggests France’s data protection authority believes Apple may have to ask users to consent to its own data collection in iOS 14, as Apple’s current policy may not comply with EU law.

Reported by Politico:

Apple has put privacy at the heart of its sales pitch to users, but an internal document from France’s data regulator suggests the iPhone maker’s own targeted advertising practices may be problematic.

According to the 13-page confidential note seen by POLITICO, France’s CNIL data protection authority cast doubt on Apple’s compliance with EU privacy rules. Last week, the country’s competition authority ruled in Apple’s favor in a case over its new anti-tracking tool.

The document in question is from December and signed by CNIL president Marie-Laure Denis. According to the report it states “Apple’s advertising processing requires consent when it involves reading or writing data on the user’s device” but notes “Apple’s practices suggest a lack of consent collection.”

Just last week French antitrust authorities declined to pass any interim measures on Apple over changes made in iOS 14, but announced it plans to “look closely” at whether Apple applies its new rules less stringently to itself compared to third-party developers.

The internal document from the CNIL appears to have been sent to those authorities to help advise on the case, from the report:

The note, dated December 17 and signed by the CNIL president Marie-Laure Denis, is an opinion given to the country’s competition authority to inform a case that pits the U.S. tech giant against four organizations representing the French online advertising ecosystem.

As Politico notes, both French antitrust authorities and the CNIL agree that Apple’s App Tracking Transparency measures do fall in line with EU rules, the CNIL stating “The pop-up proposed by the Apple company differs positively from some interfaces that do not comply with the regulations.”

The question that remains is whether Apple is being unfair to developers by forcing them to get consent before tracking users when Apple’s own advertising platform doesn’t have to do this. This could throw up some problems for Apple down the road if antitrust authorities find this to be the case:

In the note’s final pages, the CNIL assesses whether Apple needs to collect consent to use personal data for its own advertising platform, which allows app developers to target users on the App Store’s search results.

The short answer, according to the CNIL, is most likely yes.

The regulator does acknowledge there are differences between privacy-friendly and data-hungry, intrusive business models, but argues that the law applies to everyone.

Apple’s defense, as contained in the note, is that Apple doesn’t need to get consent from users because it doesn’t track them, and “because of privacy-by-default features on its devices.” It seems the CNIL isn’t inclined to agree with this explanation, however:

However, the CNIL hints that Apple’s definition of tracking could be too narrow, as it does not encompass reading or writing data from the terminal — meaning the use of trackers such as cookies. Every case of targeted advertising that the CNIL has come across, the regulator argues, involves reading or writing data from the terminal: It appears that Apple should indeed collect consent.

As the report reiterates, the CNIL document was written to advise French antitrust authorities, rather than as a formal judgment or conclusion on the matter. Apple’s App Tracking Transparency in iOS 14 remains lawful as far as EU data protection is concerned, but how the policy is being applied on iOS could still cause the Cupertino company a headache. The investigation continues.

The post Internal document suggests Apple could fall foul of regulators in France appeared first on iMore.