In December 2020, the French Data Protection Authority fined Apple 8 million euros for its app store personalised advertising practices.
It’s easy to see how Apple has become an attractive target for regulators for many years. However, this recent fine adds to the growing evidence that Apple needs to change how it handles user data.
This article will analyze the French Data Protection Authority’s decision and look into what Apple needs to do to address the issues brought up in the complaint.
Background of the issue
Apple has long aimed to protect user identities and their data across all its products and services. At the same time, Apple’s success as a global technology giant depends partly on its ability to collect user data to personalise the experience offered through the App Store and other services. The recent controversy around how Apple uses user data for personalised advertising illustrates the need for better user data practices to give users more control over their personal information.
The issue with personalised advertising on the App Store is that it relies on collecting, processing, and monetizing data collected from users without their explicit consent or knowledge. This includes location, age, gender, interests, behaviour patterns, device type and online activity. As this type of advertisement feeds off of such personal information collected without consent or an opportunity to opt-out or control when it is used to send adverts or how other companies use it, there have been concerns about privacy violations due to a lack of transparency as well as potential misuse.
To address these issues and ensure that user privacy is not violated while allowing companies offering personalised ads access to valuable consumer insights, Apple must address how it handles user data for personalised ads associated with the App Store.
Overview of the fine
In early July 2020 Apple had to pay $113 million in an agreement with thirty-four different US states. The fine stemmed from alleged infringements of App Store data privacy policies which had been violated by allowing app makers to access user details such as phone numbers and email addresses to send targeted advertisements. Despite the legal settlement, Apple continues to face strong criticism due to their approach when handling user data.
The issue is not new, with Apple having implemented temporary solutions such as periodic updates, app uninstalls and persistent identification resets in the past, however consumers still report being singled out by specific ads they don’t want. To tackle this problem requires a fundamental shift from how the App Store currently operates and demands better stewardship of personal information by developers who use Apple’s APIs for advertising purposes.
In response, Apple has released a new set of App Store policies to give customers more control over how their data is used for advertising on iOS devices. As well as stronger enforcement against apps that are found to be violating these guidelines, there will be an increase in transparency over how apps use customer data for personalised ad targeting and restrictions on outside companies collecting customer data without explicit customer consent. There will also be provisions for stricter penalties against those who go against these rules, including removal of offending apps and suspension of developers’ App Store accounts if warranted. Additionally, there are plans to introduce more detailed explanations on what types of information can be used so that users can make more informed choices when downloading or updating apps.
France sticks Apple with €8M fine over App Store personalised advertising complaint from iOS 14
Recently, France fined Apple 8 million euros for failing to comply with personalised data protection laws regarding how it handled user data for personalised advertising on the App Store. This brings to light Apple’s current practices and how it must improve if it wants to avoid such fines in the future.
Let’s take a closer look.
Personalization of ads
Apple’s current practices for personalising ads on the App Store focus on user behaviour such as app downloads, search terms, and device type. This data is gathered through user activity in the App Store to help target relevant ads. Additionally, Apple may collect data from third-party sources to ensure an even more tailored ad experience. This can include gender, age range, location, and industry type.
However, it is important to note that Apple does not collect any personally identifiable information (PII) when creating personalised ads on the App Store. While they track user activities and gather data from third-party sources, this information is anonymized to target advertising campaigns more effectively.
The company has adopted a firm stance on protecting user privacy by ensuring that all PII collected for ad personalization is kept confidential and securely managed by their privacy policies. As a result of these practices, Apple offers users enhanced control over their data with convenient opt-out options available for those who don’t want their activities tracked for personalised ads.
Lack of transparency
Apple’s current practices regarding collecting and using user data for personalised advertising on the App Store are not without flaws. It is difficult for consumers to know what types of data are being collected, how they are being used, and who has access to them. Though Apple does offer users the ability to opt-out of targeted ads, there is a lack of transparency about the types of data being used for such ads and how those data are shared with third-party advertisers. This makes it hard for users to make informed decisions about their privacy and security.
Additionally, Apple’s current practices do not appear to follow best practices regarding parental consent or transparency. According to a paper published by The Center for Digital Democracy, there is evidence that some children under the age of 13 are being targeted with push notifications or other forms of personalised marketing without parental consent or disclosure.
To ensure that user privacy and safety remain a top priority on the App Store, Apple must improve its information-handling processes and strengthen protections around personalization advertising directed at children and teens. For example, this may require better communication between advertisers and app developers regarding which types of data are being collected before parents give their consent or teenagers provide authorization on behalf of what their parents should know about collection. Additionally, Apple could consider using its discretion more judiciously when approving advertisements–only select those that comply fully with legal requirements around digital privacy–to strengthen consumer trust in its services.
Lack of user control
Apple’s current practices do not appear to provide enough user control to its customers regarding personalised advertising on the App Store. Companies like Google and Facebook allow users to limit or opt out of personalised advertisements. Yet, Apple does not currently provide any form of control for users that wish additional security or privacy from the sorts of advertising featured on the App Store.
Additionally, Apple does not seem to disclose exactly what data is collected to make decisions about personalised advertisement. This lack of transparency may leave users uncertain about how their data is being handled and used for such practices. Furthermore, this uncertainty can lead to distrust in Apple, which can significantly impact user loyalty and retention in the long term.
Given the sensitivity of user information, customers must be offered control and transparency regarding their data. Without control and transparency, Apple’s current practices could lead to dissatisfaction among its users who feel their privacy is inadequate or unsupported. A fundamental reconsideration towards making accessible controls available and clear visible knowledge regarding what type of data is collected must be made for Apple’s internal protocols about utilising someone’s personal information for advertisement purposes moving forward.
Impact of the Fine
Apple was recently fined €8M by France’s Competition and Fraud Authority (DGCCRF) over a complaint concerning personalised advertising on the App Store. This fine is significant and has important implications for how Apple stores and handles user data.
It highlights the need for Apple to improve their policies regarding data usage for personalised advertising on the App Store.
Let’s look at the impact of the fine in detail.
Potential changes to Apple’s practices
Apple is likely to analyze and adjust its practices regarding user data collection, storage and usage. In addition, the company may swiftly introduce or modify internal policies to ensure regulatory compliance.
Apple may take steps towards offering more privacy options to its users allowing them control over how much of their personal information is shared with Apple. They could also improve their existing opt-out system for users who do not want any personalised advertisements. Another potential step could be restricting how Apple collects, stores and uses user data for advertising purposes, including applying appropriate security protocols like encryption.
Additionally, Apple may need to rethink the way it grants access to third-party data analytics companies to optimise advertisement targeting. It could also allocate dedicated resources towards providing more transparency over what user data is collected, stored and used by Apple’s app store for personalised ads. Other potential changes include streamlining the process of notifying app store developers of violations regarding user privacy rights or implementing better mechanisms to detect and reject fraudulent marketing apps on the app store before they go live and start collecting data from unsuspecting users.
Impact on user data privacy
The actions taken by Apple to improve user data privacy on its App Store is intended to give users more control over how their data is used for personalised advertising. This means that apps requesting users’ personal information must indicate the purpose of the request, while at the same time providing users with a clear view of what types of personal data will be collected and how it will be used. Additionally, companies must provide customers with an easy way to opt out of personalised ads and keep their data private.
By introducing greater transparency and control into the user experience, Apple hopes to protect users from potential targeted ads that collect inappropriate amounts of personal information and put them in a better position in terms of determining where and when their data is shared. In other words, the company wants to ensure that users fully understand how their activity on the App Store—including any purchases they may have made—is allowed to be used for advertising purposes.
As well as helping increase user privacy and control, Apple’s initiative could also help developers who wish to stay within current guidelines about collecting user data. Companies that fail to comply with these regulations risk being hit with hefty fines or even completely removing their content from the App Store. Ultimately, these measures ensure that all personalised advertising apps maintain an ethical standard when handling customer information.