The French data protection regulator, CNIL, is casting doubt on Apple’s compliance with EU privacy rules, according to a 13-page confidential note. As reported by Politico, CNIL believes that “Apple’s practices suggest a lack of consent collection” despite its requirements for other developers.
The note is from December 17 and was signed by the CNIL president Marie-Laure Denis.
Last week, the French data regulator opened a probe into Apple over personalized advertising features and the day after, the competition authority and CNIL backed Apple’s App Tracking Transparency.
The organizations argued that Apple’s App Tracking Transparency, the new privacy feature the company plans to roll out in the spring, is anti-competitive. The feature will ask users for consent to be tracked online by third parties for targeted-ad purposes.
According to the internal CNIL document, “the privacy regulator said that the App Tracking Transparency is in line with the EU’s flagship privacy rules,” but Apple seems on the wrong side when it comes to its own advertising platform. As for now, CNIL’s document won’t affect much, because the regulator was asked to give its opinion on a case, not investigate it.
An Apple spokesperson commented on the Politico report:
The note’s final pages also evaluate whether Apple needs to collect consent to use personal data, which would allow app developers to target users on the App Store’s search result. According to CNIL, the short answer is most likely “yes.”
Privacy is built into the ads we sell on our platform. We hold ourselves to a higher standard by allowing users to opt out of Apple’s limited first-party data use for personalized advertising, a feature that makes us unique.
Politico says the French data regulator “does acknowledge there are differences between privacy-friendly and data-hungry, intrusive business models, but argues that the law applies to everyone.”
