A group led by privacy activist Max Schrems on Monday filed complaints with German and Spanish data protection authorities over Apple’s online tracking tool. The lawsuit alleges that the company allows iPhones to store users’ data without their consent in breach of the European Union’s Privacy law.
The first major privacy lawsuit for Apple- who’s top priority, especially with the iOS 14 has been top-notch privacy- has possibly breached privacy mandates laid by the European Union, according to Schrems and his privacy advocacy group “Noyb”. According to the group, the claims were made on behalf of an individual German and Spanish consumer and handed to the Spanish data protection authority and its counterpart in Berlin.
Not a first for the digital rights group, Noyb has previously successfully fought two landmark trials over privacy against Facebook. The group has now filed a lawsuit against Apple’s use of a tracking code that is automatically generated on every iPhone when it is set up, the so-called Identifier for Advertisers (IDFA). The code, stored on the device, allows Apple and third parties to track a user’s online behavior and consumption preferences — vital for the likes of Facebook to be able to send targeted ads that will interest the user.
“Apple places codes that are comparable to a cookie in its phones without any consent by the user. This is a clear breach of European Union privacy laws,” said Noyb lawyer Stefano Rossetti. Noyb said the claims were based on the 2002 e-Privacy Directive that allows national authorities to impose fines autonomously, as a way to avoid the lengthy proceedings it faced in its case against Facebook that was based on the EU’s General Data Protection Regulation (GDPR).
Rossetti then pointed towards the EU’s e-Privacy Directive, which requires a user’s prior consent to the installation and use of such information, wherein Apple has possibly faltered. Mr. Rossetti said the action was not about high fines but rather aimed at establishing a clear principle whereby “tracking must be the exception, not the rule”.
“The IDFA should not only be restricted but permanently deleted,” he said.