Apple faces two strategic privacy complaints in Europe by digital activist Max Shrems, who has successfully taken over Facebook’s user data practices.
Schreim’s Vienna-based nonprofit (like “Your Business Has No Business”) filed privacy complaints with German and Spanish regulators, Apple AAPL,
Tracks users without permission in violation of EU law.
Complaints focus on Apple’s Advertiser Identifier (IDFA), a unique tracking code generated by each iPhone that allows Apple, app developers and advertisers to track and target ads.
Noy accuses the inclusion of IDFAs in iPhones by default of the EU’s 2011 “cookie law”, which requires informed and explicit approval to store users’ data.
An IDFA “allows all apps on Apple and Phone to track a user and link information about online and mobile behavior,” Noip said in a statement. “Apple keeps these tracking codes without users’ knowledge or agreement.”
Both of these complaints were made through an EU e-Privacy Order, but not a comprehensive Public Data Protection Regulation (GDPR), meaning that German and Spanish regulators could impose fines on Facebook without cooperating with camp officials.
“EU law protects our devices from external surveillance. Monitoring is only allowed if users explicitly agree. This very simple rule applies regardless of the surveillance technology used,” said Stefano Rosetti, Noyip’s privacy lawyer.
Shremes is a top activist who has successfully taken over Facebook FB,
He argued that the United States did not provide adequate protection for user data, based on revelations from government surveillance published by whistleblower Edward Snowden, in order to transfer European data to the United States.
In 2015, he complained to authorities in Ireland – Facebook’s site in Europe – that the secure port agreement that manages the Trans-Atlantic data storage was invalid. Earlier this year, the EU Supreme Court ruled that the US-EU Privacy Shield, the heir to secure Harbor, did not adequately protect user data.
Apple has previously said it will tighten its own rules surrounding third-party data usage, requiring apps to ask users’ permission to choose IDFA tracking, in the latest software update, iOS 14. However, the company pushed the idea back to September, delaying changes early next year to give developers more time to make changes.
Apple’s proposed changes are not enough to meet EU privacy requirements. “These changes appear to restrict the use of IDFA to third parties (but not to Apple),” the panel said. “However, IDFA’s initial storage and Apple’s use of it will be done without users’ consent, thus violating EU law.”
“IDFA should not only be regulated, but permanently removed. Smartphones are a very intimate device for most people and should naturally be tracker-free,” Rosetti said.
Marketwatch approached Apple for comment.