BERLIN (GERMANY) – A group led by privacy activist Max Schrems on Monday filed complaints with German and Spanish data protection authorities against Apple’s online tracking tool. It made allegations that it allows iPhones to have a storage of the users’ data without their consent in breach of European law.
It is the first such major action against the US technology group in connection with European Union privacy rules.
Apple did not immediately reply to a request for comment.
The Californian tech giant says it provides users with an assurance of privacy protection. The company had announced it would further make its rules tighter with the launch of its iOS 14 operating system this autumn.
The complaints by digital rights group Noyb were brought against Apple’s use of a tracking code, which would be automatically generated on every iPhone, as it is being set up, the so-called Identifier for Advertisers (IDFA).
The code, stored on the device, allows Apple and third parties to help keep a track of user’s online behaviour and consumption preferences, for platforms such as Facebook to send targeted ads, which will be of interest to the user.
Noyb lawyer Stefano Rossetti said, “Apple places codes that are comparable to a cookie in its phones without any consent by the user. This is a clear breach of European Union privacy laws.”
Rosetti referred to the EU’s e-Privacy Directive, which calls for a user’s prior consent for the installation and use of such information.
Apple’s planned new rules would not change this as they would restrict third-party access but not Apple’s.
According to Counterpoint Research, Apple accounts for one in every four smartphones sold in Europe.
Noyb, a privacy advocacy group led by Austrian Schrems that has successfully fought two landmark trials against Facebook, said it was claimed on behalf of an individual German and Spanish consumers and handed to the Spanish data protection authority and its counterpart in Berlin.
Rossetti said the action was not fixed on levying high fines but rather aimed at establishing a clear principle whereby “tracking must be the exception, not the rule”.
“The IDFA should not only be restricted, but permanently deleted,” he said.
National data protection authorities have the direct power to fine companies for breaching European law under the e-Privacy Directive.
