Apple Privacy Updates and Facebook’s Retort

The long-awaited Apple privacy update was rolled out on April 26, 2021, for iOS. The latest version of iOS 14.5, will prompt iPhone and iPad users to opt-in or opt-out of ad tracking on apps. Users must now give explicit consent for apps to monitor their behaviour and share the data with third parties such as advertisers.

The new Apple privacy update will give users more control over how their data like age, location, health information, spending habits are used by companies such as Facebook and Google, to target ads.

The new Apple privacy feature is called App Tracking Transparency. It is a pop-up notification that appears when you open an app that tracks you.

In a video posted on YouTube, Apple noted that while personal data can help users perform functions like map their runs, tag photos or track locations etc., some apps have more trackers than necessary and share data with third parties, like advertisers and data brokers. 

“They collect thousands of pieces of information about you to create a digital profile that they sell to others. These third parties use your profile to target you with ads, and they can also use it to predict and influence your behaviours and decisions.“

Apps on iOS will be required to ask users if they can “track your activity across other companies’ apps and websites.” Users who opt out will see fewer personalized ads. 

Since 2012, apps developed for iOS have used a unique Identifier for Advertising (IDFA) to conduct tracking. Companies that sell ads use IDFA for targeting ads to consumers. Apps use this unique ID to connect the user data gathered from iOS devices and data collected from the web. 

Users could opt out of IDFA-based tracking before but with App Tracking Transparency, the choice is explicit. Once users update to iOS 14.5, every single app that wants to track their data across different apps and websites has to ask permission first. If users do not give permission, apps can’t track their data on the app, or sell that data to third parties. Apple noted that this privacy feature will also apply to their first-party apps.

The Apple privacy update will also impact tracking activities such as sharing location data, emails with data brokers, third-party SDKs used for analytics etc. Notably, it’s developers, not Apple, who will decide when to put up the prompt. It means that apps don’t have to do so on launch day, which is why a lot of them haven’t yet. Also, developers who don’t want to track users don’t have to show the prompt at all. 

Apps also can only request once, when you first open the app after the update. Users don’t have to wait for developers to put up a prompt. You can turn off tracking right away via settings on your device. Here’s how: 

Settings > Privacy > Tracking > Turn off “Allow apps to request to track”

App Tracking Transparency isn’t the only big privacy update in iOS 14. In December 2020, Apple introduced its privacy “nutrition labels” – a privacy explainer that apps can provide to users. 

Similar to nutrition labels on food,  privacy labels are easy-to-read versions of an app’s privacy policies. That means detailed information about what data an app collects, why and what they do with it. It’s not just third-party apps that must show privacy labels. Apple offers the same information for all its downloadable apps and on their website.

The labels have three categories: data used to track you, data linked to you, and data not linked to you. You can access it on your devices via theApp Store. Here’s how:

App Store > Search an app > Scroll down > App Privacy

The labels intend to bring data privacy to the forefront. Users don’t have to see the privacy policy but can get reasonable information about how their data is used, at a glance.

Ahead of Apple’s privacy updates, Facebook announced plans to help users allow tracking of their iPhones and iPads to deliver personalized ads. Facebook has been at loggerheads with Apple regarding these new privacy changes. As a result, Facebook promptly decided to place a pop-up on its app that will explain why users should give the company permission to track them on iOS. 

Facebook argues that opting in will make ads more personalized and help support businesses that rely on advertising. These pre-emptive prompts will be made mandatory for the latest iOS 14.5 versions.

Back in 2020, when Apple initially announced its plans for App Tracking Transparency Facebook raised strong objections with full-length newspaper ads. Facebook claimed that Apple’s changes will be “devastating to small businesses” as it will make targeted ad campaigns harder and expensive. 

I’m pretty certain #Facebook is fighting #Apple to retain access to personal data. #PID #privacy. #fullpagead #wsj pic.twitter.com/029WwaGSs0

— Dave Stangis (@DaveStangis) December 16, 2020

In their press releases, Facebook noted that news publishers could see as much as a 50% drop in their ad revenue from iOS and that small businesses would “see a cut of over 60% in their sales for every dollar they spend” on ads on Apple devices. Facebook continues to be unhappy with the Apple privacy updates, as the two companies engage in a war of words. 

It’s not just Facebook, but German advertisers have filed a complaint against Apple to the country’s competition regulator. Nine industry associations including the largest media, tech and advertising companies accused Apple of antitrust abuse. The complainants predict a 60% fall in advertising revenues for app developers, from Apple’s privacy updates.

NOYB, a European non-profit privacy watchdog, filed two complaints against the company in 2020. The complaint was filed with German and Spanish data protection authorities for placing IDFA tracking codes on the user’s device without consent, which falls under the purview of the EU’s ePrivacy Directive (ePD or cookie law).

In 2020, IAB Europe and its partners complained to the French data privacy watchdog CNIL. The complaint noted that Apple has an upcoming opt-in feature for third-party apps to track users while the feature does not affect Apple’s own personalized advertising. 

CNIL rejected advertisers’ requests to suspend the upcoming Apple privacy update earlier in 2021. CNIL noted that a pop-up prompt could benefit users in being aware of targeted advertising and also presents a “clear and unbiased way”, as required by the GDPR rules.

Another complaint was filed by France Digitale in 2021, a lobby group representing over 2000 startups and venture capital firms. The complaint filed with the CNIL noted that Apple’s ad tracking violates GDPR and EU’s privacy requirements as it does not seek users’ consent for receiving targeted ads. The move represents the escalation of tensions between Apple and French advertisers as Apple has been criticized for harming startups with its regulation of targeted ads.

The new App Tracking Transparency is all about consent. It asks users if they agree to share their data with app publishers for purposes for advertising and other similar purposes. But, is Apple’s definition of consent (“permission”) the same as the GDPRs freely given, specific, informed and unambiguous consent? For instance, it is harder for a user to withdraw consent once they’ve given it via the pop-up. They have to navigate to the settings to do so. This violates the GDPR principle that consent should be as easy to withdraw as it is to give. 

Apple’s IDFA itself draws criticism as it does not explicitly receive user consent. Similar to cookies, IDFA is stored and retrieved from user’s devices and hence comes under Article 5(3) of the ePrivacy Directive that notes that users must take affirmative action to express their consent.

The GDPR definition of personal data includes any ‘identifier such as a name, an identification number, location data, an online identifier’, which could include a device ID, an IDFA or potentially a hashed email address. So, now the question is if the tracking consent applies independently of ATT. Apple only offers a peripheral explanation in this FAQ.

The latest Apple privacy changes open up many grey areas regarding privacy and compliance, not just for Apple, but also for the ad tech industry as a whole. As the ecosystem evolves to strengthen data privacy rights and stricter compliance, we should note that businesses are still flouting cookie laws. 

Here’s where CookieYes can help website owners. CookieYes is a cookie consent solution for your website that will help you to comply with data protection laws like the GDPR and CCPA.

You can add a fully customizable cookie consent banner in 26 languages, can your website for cookies and add it to your site’s list of cookies. CookieYes will automatically block 20+ third-party cookies like Google Analytics, Facebook Pixel until you get user consent. 

You can also keep a record of users’ consents and their cookie preferences in a consent log. This can help you demonstrate your compliance during audits. 

Sign up for free today!