Apple has recently been running an ad campaign about its new iPhone and the privacy protection built right in.
The company says, "Some things shouldn't be shared. That's why iPhone is designed to help give you control over your information and protect your privacy."
But is your sensitive information as private as Apple claims? A new complaint filed in the EU says the answer to that question is no.
Noyb (short for none of your business) is a non-profit digital rights organization based in Austria. It says your privacy is not what you expect if you use an iPhone because of something called the IDFA.
Apple's operating system automatically generates a unique IDFA for each iPhone. IDFA, which stands for Identifier for Advertisers, essentially allows Apple and any applications installed on the phone to track and combine information about the user's online and mobile behavior, also known as "cross-device tracking."
Tracking user information itself is not necessarily a bad thing; it can even be useful in some cases. But the public interest group says when you start tracking users without their knowledge or consent, that's when issues begin to arise. And this is exactly what it claims Apple is doing.
Unique IDFAs are installed on iPhones without knowledge or consent from the user. Apple and other third parties have access to the IDFA's information, which leads to targeted advertising for the user. This type of tracking is heavily regulated under the EU "Cookie Law," which requires the user's informed and unambiguous consent.
And this is where the new complaints come in.
The noyb group filed two complaints against Apple for the use of its IDFA tracking code without the user's knowledge.
Stefano Rosetti, a privacy lawyer at noyb.eu, shared some of his thoughts regarding Apple's tracking:
"EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used. While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws."
Apple has acknowledged that their IDFA tracking may not be in the consumer's best interest, as it has announced plans for changes to the IDFA system. These changes primarily revolve around limiting third-party access, but not for Apple itself. The plans also include a notification that will ask the user if an app can access the IDFA.
Still, noyb says the initial storage of the information contained in the IDFA and Apple's use of that was done without consumer consent. Apple has not yet said when they plan to make these changes.
Rosetti shared some more thoughts regarding these changes:
"We believe that Apple violated the law before, now and after these changes. With our complaints we want to enforce a simple principle: trackers are illegal, unless a user freely consents. The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default."
The bottom line according to noyb's complaints is that Apple has violated some consumer privacy laws and must make changes in the future. That probably means the digital rights group does not agree with the Apple ad below and others like it.