An Austrian privacy advocacy group drew a strongly critical response from Apple on Monday after it said an online tracking tool used in its devices breached European law.
The group, led by campaigner Max Schrems, filed complaints with data protection watchdogs in Germany and Spain alleging that the tracking tool illegally enabled the $2 trillion U.S. tech giant to store users’ data without their consent.
Apple directly rebutted the claims filed by Noyb, the digital rights group founded by Schrems, saying they were “factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint”.
Schrems is a prominent figure in Europe’s digital rights movement that has resisted intrusive data-gathering by Silicon Valley’s tech platforms. He has fought two cases against Facebook, winning landmark judgments that forced the social network to change how it handles user data.
Noyb’s complaints were brought against Apple’s use of a tracking code, known as the Identifier for Advertisers (IDFA), that is automatically generated on every iPhone when it is set up.
The code, stored on the device, makes it possible to track a user’s online behaviour and consumption preferences – vital in allowing companies to send targeted adverts.
“Apple places codes that are comparable to a cookie in its phones without any consent by the user. This is a clear breach of European Union privacy laws,” Noyb lawyer Stefano Rossetti said.
Rossetti referred to the EU’s e-Privacy Directive, which requires a user’s consent before installation and using such information.
Apple said in response that it “does not access or use the IDFA on a user’s device for any purpose”.
It said its aim was to protect the privacy of its users and that the latest release of its iOS 14 operating system gave users greater control over whether apps could link with third parties for the purposes of targeted advertising.
The Californian tech giant said in September it would delay plans to launch iOS 14 until early next year.
Apple accounts for one in every four smartphones sold in Europe, according to Counterpoint Research.
The claims were made on behalf of a German and a Spanish consumer and handed to the Spanish data protection authority and its counterpart in Berlin, said Noyb.
Spain’s privacy protection agency confirmed it received a complaint from Noyb against Apple but declined to comment.
The Berlin agency had no comment. In Germany, each federal state has its own data protection authority.
Noyb said its claims were based on the 2002 e-Privacy Directive that allows national authorities to impose fines autonomously, avoiding lengthy proceedings it faced in its case against Facebook that was based on the EU’s General Data Protection Regulation (GDPR).
The GDPR regime launched in 2018 included a mandatory cooperation mechanism among national authorities, which Noyb says has slowed progress.
Rossetti said the action aimed to establish a clear principle that “tracking must be the exception, not the rule”.
Apple, responding, said: “Our practices comply with European law and support and advance the aims of the GDPR and the ePrivacy Directive, which is to give people full control over their data.”