France’s data protection regulator has fined Apple $8.5 million for not seeking users’ prior consent before filing and/or writing ad identifiers used for advertising purposes on their devices.
Following a complaint relating to the “personalization processing of advertisements broadcast in the App Store”, the French watchdog CNIL carried out several checks in 2021 and 2022 in order to verify compliance with the applicable regulations.
“The CNIL found that under the old version 14.6 of the iPhone operating system when a user went to the App Store, identifiers serving several purposes, including the purposes of personalizing advertisements distributed on the App Store, were by default automatically read on the terminal without obtaining consent,” the regulator said in a statement.
This ad identifies must not be able to be read and/or deposited without the user has expressed his prior consent.
However, in practice, the ad targeting settings available from the iPhone’s “Settings” icon were pre-checked by default.
“In addition, the user had to perform a large number of actions to successfully deactivate this parameter since this possibility was not integrated into the initialization process of the telephone,” said CNIL.
The CNIL acted under the European Union’s “Privacy Directive” which allows for member state-level data protection authorities to take action over local complaints about breaches.
