EU Privacy Complaints Target Apple
Go back

EU Privacy Complaints Target Apple

on 06 December 2020

​This is not the first time Apple has come under fire for breaching the privacy of its users. On Monday, November 16th, Apple was the recipient of two privacy complaints from Austrian privacy activist, Max Schrems. Shcrems works with the non-profit group NOYB, of which he is the founder. The group stands for “My Privacy is None of Your Business,” in which privacy for all is the mission. Schrems filed official complaints in the countries of Spain and Germany against Apple’s illegal use of what is known as a tracking code on iPhones, called IDFA, short for Identifier for Advertisers. This is a legal breach against European law.


IDFA is a number assigned uniquely to each device in order for advertisers to be able to better market their ads to specific people that may be interested in their product. In the official complaint, NOYB stated that this “tool” is used to gather and store your personal information by Apple, without your consent for third-party access. Further, NOYB found suspects that apps are sharing the IDFA information with one another. For example, the IDFA from Apple is shared with Facebook. Facebook could then share this information with third-party sellers so they may advertise to you through Facebook and so on.


NOYB data protection lawyer Stefano Rosetti said in a recent interview with CNBC that “The IDFA is placed into the device without the user’s consent. We find that this constitutes a violation of the so-called “cookie law” ... which prohibits the installation of trackers of any sort without the user consent.” Apple commented in response stating that they already offer an option for users to opt-out of being included in personalized advertising through phone tracking. You can read Apple’s Advertising & Privacy Policy here.

A line from the policy claims “Apple does not share any personally identifiable information with third parties.” A representative backed that line up when they spoke on behalf of Apple in reply to the allegations, stating “the claims made against Apple in this complaint are factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint.” Apple went on to state that their goal is “always to protect the privacy of our users.”

"We want to enforce a simple principle: trackers are illegal, unless a user freely consents. The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default," Rosetti commented in response to Apple.


EU privacy laws are in place to protect all users from having any external tracking on their device without consent. While it is true that Apple introduced an update which allows users to block cookies in their browser, this is not the same as asking for users to opt-in to third party sharing for advertising. Still, Rosetti questions the purpose of installing a tracker at all. He states, “our point is that the tracker should not be created/installed in the first place.”

An IDFA allows every action on the device to be tracked, logged and shared without user consent. Apple has stated that they will make some changes to the IDFA in early 2021, but they made no mention of not using the information. Apple has come back to say, “our practices comply with European law and support and advance the aims of the GDPR and the ePrivacy Directive, which is to give people full control over their data.”

Privacy is a supported right in the European Union, and the IDFA is a legal breach of that right. The hope with this case is that IDFA’s will no longer be allowed to be stored in phones, giving users the comfort and privacy they deserve.

Share this article