abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapelocationmap-pinminusnewsorganisationotheroverviewpluspreviewprofilerefreshnewssearchsecurityPathtagticktooltiptwitteruniversalityweb
Article

Noyb files complaints against Apple's tracking code "IDFA"

"Noyb files complaints against Apple's tracking code "IDFA"", 16 November 2020.

IDFA (Apple’s Identifier for Advertisers) allows Apple and all apps on the phone to track a user and combine information about online and mobile behaviour. Just like for cookies, this would require the users’ consent under EU law. Apple places these tracking codes without the knowledge or agreement of the users. noyb therefore filed two complaints against the company. Our partners at Xnet were able to assist us in Spain.

IDFA – the cookie in every iPhone user’s pocket. Each iPhone runs on Apple’s iOS operating system. By default, iOS automatically generates a unique “IDFA” (short for Identifier for Advertisers) for each iPhone. Just like a license plate this unique string of numbers and characters allows Apple and other third parties to identify users across applications and even connect online and mobile behaviour (“cross device tracking”).

Tracking without user consent. Apple’s operating system creates the IDFA without user’s knowledge or consent. After its creation, Apple and third parties (e.g. applications providers and advertisers) can access the IDFA to track users’ behaviour, elaborate consumption preferences and provide personalised advertising. Such tracking is strictly regulated by the EU “Cookie Law” (Article 5(3) of the e-Privacy Directive) and requires the users’ informed and unambiguous consent...

No need for EU cooperation. As the complaint is based on Article 5(3) of the e-Privacy Directive and not the GDPR, the Spanish and German authorities can directly fine Apple, without the need for cooperation among EU Data Protection Authorities as under GDPR.

"These cases are based on the "old" cookie law and do not trigger the cooperation mechanism of the GDPR. In other words, we are trying to avoid endless procedures like the ones we are facing in Ireland." - Stefano Rossetti, privacy lawyer at noyb.eu...

Google uses a similar tracking system, which is currently being reviewed by noyb.

Story Timeline