A group led by privacy activist Max Schrems on Monday filed complaints with German and Spanish data protection authorities about the tracking tool from Apple, claiming that it allows iPhones to store users’ data without their consent in violation of European law.
The move marks the first such major action against Apple regarding privacy rules in the European Union, and Apple says it provides users with a higher level of privacy protection.
The American company had announced its intention to tighten its rules, with the launch of iOS 14 this fall, but said in September: It is delaying the plan until early next year.
Noyb, the digital rights group, filed complaints against Apple’s use of a tracking code that is automatically generated across every iPhone when it is set up, which is called the Advertiser Identifier (IDFA).
The code stored within the device allows Apple and third parties to track user online behavior and consumption preferences, which is vital for the likes of Facebook; To be able to send targeted advertisements of interest to the user.
The group’s lawyer (Stefano Rossetti) said: Apple puts codes that can be compared to a cookie in its phones without any consent from the user, and this is a clear violation of privacy laws in the European Union.
Rossetti pointed to the European Union Directive on Electronic Privacy, which requires prior consent from the user to install and use this information.
Apple owns one in four smartphones sold in Europe, according to data from market research firm Counterpoint.
The claims were filed on behalf of individual German and Spanish consumers, and were handed over to the Spanish data protection authority and its counterpart in Berlin.Each federal state in Germany has the power to protect its own data, unlike Spain.
Rossetti said: The measure is not about high fines, but rather aims to establish a clear principle, that tracking should be the exception rather than the rule, and the advertisers’ identifier IDFA should be restricted and permanently deleted.
National data protection authorities have the power to impose a direct fine on companies for breaching European law under the Electronic Privacy Directive.
Noyb, a privacy advocacy group that has successfully had two high-profile trials against Facebook, said it hoped the Spanish and German authorities would act more quickly than the Irish Data Protection Committee.