EU privacy activists complain about Apple tracking users in violation of regulations

NOYB, a well-known European privacy activist, has filed a complaint to the German and Spanish privacy data protection agencies about Apple’s violation of regulations and tracking users.

The reason is that Apple uses identity identifiers on iPhone/iPad to track users, and this situation violates relevant EU laws without obtaining user consent.

This problem is mainly caused by the identity tracking code that Apple has built into its devices. This identity identifier is generated by Apple and can be used to identify individual users.

Obviously, in this case, Apple should obtain the user’s consent before it can be used. However, in fact, Apple restricts other advertising networks to read it but Apple can still read it by itself.

In iOS 13.x and earlier versions, Apple will generate a specific identifier for the device, and any advertising network can use this identifier to identify and track users.

Apple did not explicitly obtain the user’s consent before creating the identity identifier, and in accordance with the EU’s “Privacy and Electronic Communications Regulations,” Apple must obtain the user’s consent in advance.

Without the user’s consent, Apple created an identity identifier without authorization, specifying user preferences so that advertising networks can push personalized ads based on preferences.

NOYB’s attorney stated that EU law protects our equipment from external tracking and only allows external tracking with the explicit consent of the user.

This simple rule applies regardless of which tracking technology is used. Although the identity identifier is not a cookie, it has the same effect and therefore must comply with the law.

In the latest iOS 14.x version, Apple has adjusted the identity identifier. By default, the identity identifier is not allowed to be read by advertising networks.

The advertising network can still request the user’s consent to read the identity identifier. In this case, the advertising network’s behavior is in compliance with EU privacy laws.

However, Apple itself did not abide by this agreement. Apple can still directly read the user ID and will not pop up a notification to obtain user authorization and consent.

In other words, Apple itself can still initialize and store the identity identifier, so this behavior also violates EU privacy laws.

The attorney believes that it is illegal to use the tracker unless the user’s consent is obtained.

For most people, smartphones are the most private devices. By default, smartphones must have no trackers, otherwise, it is difficult to protect our privacy.

NOBY said that Google also uses a similar tracking system. Next, he and his team of lawyers will also review the Google tracking system and counterattack in due course.

It is worth noting that this complaint is not based on the EU General Data Protection Regulation (GDPR) but based on the EU Privacy and Electronic Communications Regulations.

Via: Reuters