Apple hits out at campaign group’s ‘inaccurate’ privacy complaint

Apple has strongly denied claims from privacy campaigners that it has breached Europe’s ePrivacy directive through its Identifier for Advertisers (IDFA).

The non-profit campaign group Noyb said that the Apple operating system on iPhones creates IDFA without the user’s knowledge or consent, thereby breaching Europe’s Privacy Directive. According to Noyb, this contravenes the “Cookie Law”, or Article 5(3). The group has filed complaints in Spain and Berlin over the use of IDFA, saying it could allow Apple to track a user on their iPhone across apps and provide personalised advertising.

However a spokesperson for Apple, responding to the allegations, said: “The claims made against Apple in this complaint are factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint. Apple does not access or use the IDFA on a user’s device for any purpose.

“Our aim is always to protect the privacy of our users and our latest software release, iOS 14, is giving users even greater control over whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers.”

Apple has this year announced updates to its privacy measures, and on the launch of iOS 14 in September, the company stated that “Starting early next year, all apps will be required to obtain user permission before tracking.”

But Noyb claims that the initial storage of the IDFA, and its use by Apple, should still require user consent, and is therefore in breach of European privacy law.

Stefano Rossetti, privacy lawyer at Noyb, said: “EU law protects our devices from external tracking. Tracking is only allowed if usersexplicitly consent to it. This very simple rule applies regardless of the tracking technology used.

“While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws.

“We believe that Apple violated the law before, now and after these changes. With our complaints we want to enforce a simple principle: trackers are illegal, unless a user freely consents. The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default”


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.