The group, Noyb, which is led by Austrian privacy activist Max Schrems, filed official complaints with data protection authorities in German and Spanish. They allege that Apple stores tracked user data without getting consent, which is a violation of Europe’s privacy law, the General Data Protection Regulation (GDPR).
This is the first time a company is being legally called out for violating the 2018 data privacy mandate. Schrems has already challenged Facebook in court twice, which resulted in the social media giant having to change the way it transfers data.
“With our complaints, we want to enforce a simple principle: Trackers are illegal, unless a user freely consents,” Noyb lawyer Stefano Rossetti said in a statement to the media. “Smartphones are the most intimate device for most people, and they must be tracker-free by default.”
A tool called IDFA — Identifier for Advertisers — is a one-of-a-kind device identification code that advertisers use for ad targeting and results. Noyb claims that Apple users are subjected to the embedding of IDFA without an option to turn it off.
“The IDFA is placed into the device without the user’s consent,” Rosetti told CNBC. “We find that this constitutes a violation of the so-called ‘cookie law,” … which prohibits the installation of trackers of any sort without the user’s consent.”
Apple defends its privacy protection policies, pointing out that with its latest operating system, iOS14, users will have to opt-in for tracking, with the default set to opt-out.
March policy updates to the Apple Card allowed for more anonymous data sharing with partner Goldman Sachs. The main intent was to advance its new credit assignment program, which could provide users with more credit access.
Earlier this month, Apple warned in its annual report that new regulations combined with legal fees already incurred could impact its revenue and overall operations. Additionally, patent infringement allegations and changing global regulations could expose the company to more lawsuits worldwide.