French Regulator Imposes Fine on Apple

France’s data protection regulator has levied a fine of $8.5 million against Apple for failing to obtain users’ prior consent before accessing and using ad identifiers for advertising purposes on their devices.

Breach of App Store Ad Targeting Rules

The fine was imposed following a complaint regarding the personalized advertising practices within the App Store. The French regulatory authority, CNIL, conducted multiple checks between 2021 and 2022 to assess compliance with relevant regulations.

According to CNIL, investigations revealed that, under the previous version 14.6 of the iPhone operating system, ad identifiers serving various purposes, including ad personalization on the App Store, were automatically accessed on users’ devices without obtaining their consent.

Lack of User Consent

The regulator found that these ad identifiers were being read and stored without users’ explicit consent, a violation of privacy regulations. Moreover, the ad targeting settings accessible through the iPhone’s “Settings” menu were pre-selected by default, making it challenging for users to disable them.

CNIL highlighted the cumbersome process users had to undertake to opt out of these settings, as the option to deactivate ad tracking was not integrated into the device initialization process.

Action Under Privacy Directive

CNIL’s enforcement action against Apple was carried out under the framework of the European Union’s Privacy Directive. This directive empowers member state-level data protection authorities to address local complaints regarding data protection breaches.

The fine imposed on Apple underscores the importance of obtaining user consent and ensuring transparency in data processing practices, particularly concerning personalized advertising. It serves as a reminder to tech companies of the need to prioritize user privacy and comply with relevant regulations to avoid regulatory penalties.