Eight million euros. This is the amount inflicted by the Cnil on Apple for having imposed advertising trackers on its users in France, without their explicit consent, she indicated on Wednesday January 4.
How Apple became an advertising giant, at the risk of violating privacy
The investigation was launched by the French guardian of privacy on the internet after a complaint from the France Digitale association, which brings together French start-ups and in particular software developers distributed via the American group’s application store.
The relatively limited nature of the fine is explained by the fact that Apple quickly brought itself into compliance during the Cnil investigation, which took place in mid-2021.
In addition, these advertising identifiers only allowed Apple to target Internet users when they were browsing the mobile application store (App Store), therefore in a very limited field. Finally, the authority was only able to penalize breaches in France.
Witness “to the extent of Apple’s abusive practices”
“We are disappointed by this decision (…) and we will appeal”responded Apple, in a statement to the press. “The Cnil has recognized that the way” from which advertisements are now distributed in the App Store “prioritizes the protection of user privacy”added the American giant.
For their part, French digital marketing professionals welcomed the decision. “This sanction (…) once again testifies to the extent of Apple’s abusive practices, currently contested all over the world, from Japan to the United States via Poland”estimated the Digital Alliance.
In fact, the old version 14.6 of the Apple operating system deposited ” by default “ identifiers on the brand’s mobile devices (iPhone, iPad, etc.). These identifiers allowed Apple to personalize the advertisements displayed on its application store. If the user did not want this advertising tracking, he had to uncheck a box in the device settings.
The Apple Pay scam, a new windfall for hackers
” It has been years “ that the position of the European Court of Justice and the courts is ” very clear “explained to AFP the secretary general of the Cnil Louis Dutheillet de Lamothe: a valid consent “cannot be a pre-checked box”he pointed out.
At the time of the complaint, the managing director of France Digitale Nicolas Brien, had lambasted the ” Two weights, two measures “ from Apple.
The Apple brand allowed itself a pre-ticked box for its tracers, while it recently imposed on third-party applications to request explicit consent from the Internet user for their own cookies.
GDPR does not apply
If Apple is condemned, however, the company may find consolation in the details of the Cnil’s decision. This recognizes as a mitigating circumstance the operation “by cohorts” and not individual of its advertising targeting.
With these identifiers, Apple does not seek to target individuals, but categories of individuals, a less intrusive operation in terms of privacy.
The sanction only concerns France, as it falls under the European e-Privacy Directive, which only allows national sanctions.
The European Data Protection Regulation (GDPR), which provides for sanctions at European level, does not apply in this specific case.
