Apple’s ad-tracking system is under attack by a privacy activist with a successful track record of fighting Facebook and other tech giants.
Apple uses its own system known as IDFA (IDentifier For Advertisers) to assign a unique code to each of its devices, so that advertisers can track who has seen particular ads. But privacy campaigner Max Schrems claims that this breaches European law…
Advertisers like to measure the effectiveness of their ads by working out how many people who purchase a product have seen an online ad for it. To do this, a cookie is dropped on the user’s device when they see an ad, and the website where the purchase is made can check for the presence of that cookie.
Conversely, if you visit a website about (eg) drones, the site can drop a cookie, and ad networks like those run by Google and Facebook can check for that cookie and then serve you ads for drones. This is why you often see ads relating to topics you’ve recently been researching.
This type of tailored advertising is more likely to be effective, so ad networks can charge more for displaying personalized ads.
Advertisers don’t know who you are — they don’t know the identity of the person who saw the ad or visited the website — they just know that the same person (actually, device) did both.
Since Apple protects our identity, it believes this approach is consistent with its stance on privacy.
Claim that Apple’s ad-tracking system is illegal
CNBC reports that Schrems believes IDFA is illegal despite Apple’s privacy protection.
Schrems’ Vienna-based no-profit group, NOYB [None Of Your Business], filed complaints in Germany and Spain alleging Apple’s use of a tracking code on iPhones, called IDFA, breaches European law […] Noyb argues the tool is created and stored on Apple devices without user consent.
‘The IDFA is placed into the device without the user’s consent,’ Stefano Rosetti, data protection lawyer at NOYB, told CNBC. ‘We find that this constitutes a violation of the so-called “cookie law” … which prohibits the installation of trackers of any sort without the user consent.’
Apple originally planned to present users with a popup in iOS 14, seeking their permission to have their ad-viewing tracked by IDFA. However, it agreed to delay this to give the ad industry time to prepare. NOYB says that Apple hasn’t explained what happens if a user declines permission.
‘It’s not clear, for example, if the tracker will still be created and then some sort of technical mechanism will hinder third parties from accessing it. And what about Apple? Will the company access the tracker? Again it’s not clear.
In a sense, it does not concern this action because … our point is that the tracker should not be created/installed in the first place (at least without the user’s informed and freely given consent).
Apple might well have reason to fear the complaints: Schrems has been successful with other legal battles against tech giants.
Schrems has risen to fame in the last decade for taking on Facebook over the transfer of European citizens’ data to the U.S. He argued that, in light of revelations from American whistleblower Edward Snowden, US law did not offer sufficient protection against surveillance by public authorities.
His first major victory came in 2015 when he successfully brought down the EU’s Safe Harbor agreement on EU-U.S. data transfers. Five years later, the European Court of Justice agreed with Schrems that a new framework called the Privacy Shield doesn’t adequately protect the privacy of Europeans.
Privacy Shield wasn’t used just by Facebook, but by almost every tech company doing business in Europe.
If IDFA is found to be illegal in Europe, it doesn’t seem that it will take the ad industry long to find a workaround.
Apple had not commented at the time of writing.
FTC: We use income earning auto affiliate links. More.