Content
Stay up to date on the latest happenings in digital marketing
France fined Apple $150 million euros over App Tracking Transparency. That might be the start of major changes to how Apple employs ATT in the future in France, in the EU — where 26 other countries will instantly see a major revenue opportunity — and maybe even globally.
Spoiler alert:
Everyone in mobile growth is hoping ATT will go away. That is … unlikely.
But it could change significantly. Keep reading …
Why France fined Apple: “neither necessary nor proportionate”
Apple’s goal with App Tracking Transparency is not the problem, says France. France fined Apple, but not for giving people more control over their privacy. That’s generally a good thing.
The problem is the way it privileges Apple and punishes third-party developers, especially smaller ones.
“The introduction of the framework led to multiple consent pop-ups being displayed, making the use of third-party applications in the iOS environment excessively complex,” says France’s antitrust watchdog. “How ATT is implemented is neither necessary for nor proportionate with Apple’s stated objective of protecting personal data.”
ATT is only for third-party apps.
The reason is that Apple sees all iPhone and iPad owners as its own customers. In other words, their data is first-party to Apple, and there’s implicit consent for Apple to store and use data people use, share, or create in Apple-owned apps for multiple purposes … including targeting for ads in Apple Search Ads.
That’s not explicitly stated in Apple’s privacy page for ASA, but it is in the support documentation:
“Ads delivered by Apple may appear in the App Store, Apple News, and Stocks. These ads don’t access data from any other apps. In the App Store and Apple News, your search and download history may be used to serve you relevant search ads. In Apple News and Stocks, ads are served based partly on what you read or follow.”
Currently Apple limits contextual data collection for ad targeting to 3 apps. Conceivably, that could change in the future.
- Music would be a rich resource
- Maps would be extremely useful
- Podcasts would make a ton of sense
- TV would be useful
- Fitness could be as well
(I’ve previously speculated on Apple expanding its ad network(s) from ASA and Apple News to Podcasts; so far Apple has declined to exploit the opportunity.)
The problem is that under ATT, third-party apps had multiple privacy hoops to jump through, rather than just 1. Where Apple’s first-party apps could instantly ask for location, or access to other features, or data-sharing, third-party apps had those pop-ups to navigate in addition to App Tracking Transparency.
“The implementation methods artificially complicate the use of third-party apps and distort the neutrality of the framework. Small publishers financed by advertising are disadvantaged.”
That variance made ATT anti-competitive, according to France, and therefore illegal given Apple’s size and market share.
Another reason France fined Apple: ATT’s construction is ‘non-neutral’
There’s another problem with ATT, according to France, and it’s yet another key reason why France fined Apple.
The issue: App Tracking Transparency is constructed to limit acceptance and privilege denial by design.
To deny app tracking authorization, users simply need to say No in the initial prompt. In other to accept personalized advertising, people need to say yes to the initial prompt (#1 above) and yes to the full-screen explanation of ATT (#2 above).
Small changes in design could have fixed this, France says.
France: ATT could easily be integrated with GDPR and local privacy laws
France’s competition office not only said ATT was anti-competitive. It also said that Apple could “easily” integrate ATT with GDPR and help app makers meet their legal obligations at the same time as their platform obligations.
First off, France says that ATT does NOT by itself bring app publishers into compliance with GDPR out of the box … something that we’ve recently learned not all app publishers fully understand. To actually comply, publishers generally have to add a CMP (consent management platform), which makes for multiple pop-ups, general user annoyance, and all-round confusion.
A few changes, however, could have integrated GDPR and ATT:
“The ATT framework could easily, subject to a few modifications, also be used to collect the consents required by French law and the GDPR,” says French sister agency CNIL, the country’s data protection authority. “Making publishers systematically collect user consent twice for the same purpose constitutes an unnecessary and artificial complexity.”
In other words, CNIL is saying, Apple could have shown a single, unified prompt for everything: ATT acceptance, GDPR compliance, and authorization for Apple to use iPhone owners’ data for its own ad network. And that would have changed everything that led up to our current situation under which France fined Apple.
Something like this could have worked:
“This iPhone and apps on it may use your activity across Apple apps and other apps to personalize ads. Do you agree?”
Then, Apple could have provided clear yes/no options that in 1 simple step:
- Cover both Apple’s ad tracking and third-party tracking together
- Satisfy GDPR’s “freely given, specific, informed, and unambiguous” consent requirement
The implication, of course, is that Apple didn’t do this because Apple distinguishes between its own ad platform (which uses first-party data and — in truth — is particularly privacy-respecting) and third-party tracking. Plus, Apple likely feels that its ad targeting uses first-party data in a way that doesn’t require the same kind of consent under its interpretation of GDPR.
We all knew this right? So now what?
None of this is really a shock to anyone who has been paying attention in mobile marketing and advertising for the last few years.
The difference is that now you have a respected, influential, and powerful national organization saying what marketers have been saying: ATT is constructed in a way that confuses and scares users, makes life harder for third-party app publishers, and privileges Apple.
The question is: will it change anything?
Apple is likely to appeal as a matter of course, but is probably unlikely to win. France fined Apple to started this process, but every other EU country is likely to see this as an opportunity to do something similar … and extract some hundreds of millions of dollars from a big American tech company.
So France is likely just the start.
What can Apple do to avoid additional payments to the 26 other countries in the European Union?
Follow CNIL’s advice and merge ATT and GDPR, at least in the EU.
And, maybe, get ahead of the problem and do something similar globally, for every jurisdiction, to comply with local privacy laws and avoid adding a layer of challenging, difficult-to-understand pop-ups and settings just for Apple.
If Apple can find a way to do that while retaining its incredibly important image as a paragon of privacy, it may just do that.
We will, as they say, see.
