When it comes to privacy, Apple has always presented itself as Big Tech’s golden boy.
Now, some of that shine is coming out.
An internal document from the French data regulator seen by POLITICO revealed on Tuesday that the iPhone maker’s targeted advertising practices may conflict with European Union privacy laws.
The French watchdog’s analysis – which does not find any wrongdoing – came as part of an investigation by the country’s competition authority over Apple’s new anti-tracking tool. These changes, to be released soon, will give people more say in how their data is collected and used by third-party apps, raising problems between Facebook and smaller app developers that the company is not playing fair.
But while the two French regulators approved this feature, called Apple’s App Tracking Transparency, the privacy watchdog gave the iPhone maker’s own advertising business a more forceful assessment.
“Apple’s advertising processing requires consent when it involves reading or writing data to the user’s device,” wrote the Commission nationale de l’informatique et des libertés, or CNIL, in its internal document. “Apple’s practices suggest a lack of consent collection.”
The non-mandatory The assessment – which is written with caution as it is designed to report another case, rather than providing the basis for an independent investigation – casts doubt on Apple’s privacy credentials.
Apple CEO Tim Cook has repeatedly denounced the “industrial data complex” in veiled attacks on ad models hungry for data from Google and Facebook – while seeking to position his own company as a model of virtue of privacy in comparison.
Cook’s prick highlights how hostile relations between some of the biggest companies in Silicon Valley have become as they seek to publicly position themselves on controversial issues such as privacy, sustainability and human rights.
“In a time of rampant misinformation and algorithm-fueled conspiracy theories, we can no longer turn a blind eye to a theory of technology that says that every engagement is a good engagement – the longer, the better – and all with the aim of collecting the as much data as possible, ”Cook told an online audience in January, while defending the company’s own data protection standards.
The introduction of the anti-tracking feature, which is expected to launch on Apple’s iOS 14 later this year, was just the last blow in the company’s attempt to claim high morale on privacy. Now the shot could backfire.
Although the CNIL was only asked to report a case involving the appeal, instead of investigating the company’s own practices, the regulator’s assessment could have consequences later on. It can still fuel a privacy complaint filed in March by the lobby of the startup France Digitale.
This complaint accuses Apple of violating privacy rules by “systematically collecting users’ consent by default on iOS 14 in order to engage in targeted advertising in its native apps”.
It is not the only one aimed at the advertising practices of the American company.
A nonprofit organization led by Austrian privacy activist Max Schrems has also filed lawsuits in Germany and Spain, accusing the company’s tracking code of violating privacy. The company denies any wrongdoing.
The Cupertino-based technology giant has more privacy investigations by the Irish Data Protection Commission than Google, including one related to its behavioral advertising business. Dublin is the main European regulator for both companies, as they are legally established in the Irish capital.
For some viewers, the adoption of open arms by Apple’s privacy hides an internal ecosystem that thrives on exploiting personal information in the same way as other Silicon Valley powers. While the iPhone maker does not offer people’s data to strangers like Facebook and Google, it has increasingly broad digital services and advertising businesses that still depend on people’s digital information collection.
“Even though Apple is now taking steps to become more strict about privacy, it is still profiting a lot from creating an ecosystem that, in general, is really privacy-invading,” said Joris van Hoboken of Vrije Universiteit Brussels, who studies Big Tech.
He pointed to Apple’s software development kits that allow game developers to make detailed profiles of users – efforts the company itself profits from. “They have this incentive to create the conditions for highly data intensive and intrusive application privacy business models, and then profit from it directly,” said van Hoboken.
Asked about the French regulator’s findings, an Apple spokesman pointed to an earlier statement that said: “Privacy is built into the ads we sell on our platform. We set ourselves to a higher standard, allowing users to choose not to use Apple’s own limited data for personalized advertising, a feature that makes us unique. “
Not everyone is so sure.
Johnny Ryan, a privacy activist who has always been involved with Google because of his data practices, said Apple’s privacy protections were better than most of its competitors. But no company, including the iPhone maker, should be allowed to use people’s data within its own digital empire in ways that others around the world are prevented from doing.
“What we’re seeing is free internal data for everyone,” said Ryan, a senior member of the Irish Civil Liberties Council. “The data practices within these companies are alive and well.”
Laura Kayali contributed reporting.