Italy fines Apple $116 million over App Store privacy policy issues
by Sergiu Gatlan · BleepingComputerItaly's competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising.
ATT requires developers to request consent to collect their data for targeted advertising before tracking them across websites, apps, and services owned by other companies. Apple introduced ATT in June 2020 and began enforcing it in April 2021 with the release of iOS 14.5 and iPadOS 14.5.
As the AGCM said in a Monday press release following a two-year investigation, Apple's ATT policy requires third-party apps to display a standardized prompt requesting user permission to track activity across other companies' apps and websites.
However, Apple's own apps and services are exempt from showing the prompt. The AGCM said ATT's implementation forces developers to request consent twice for the same purpose.
Because the ATT prompt doesn't satisfy EU privacy law requirements under GDPR, developers must also display their own consent mechanism, creating what regulators called an "excessively burdensome" double-consent process.
"In other words, while fully supporting the objective of ensuring that users’ consent is full, free and informed, the Authority found that – also on the basis of the opinion of the Data Protection Authority – Apple could have achieved the same level of privacy protection for its users through means less restrictive of competition," the Italian antitrust agency explained.
"This would have prevented the unilateral imposition of additional burdens on third-party developers, thereby avoiding the above-mentioned double consent requests for advertising purposes."
In reaction to AGCM's decision, Apple told BleepingComputer that it will appeal and will continue "to defend strong privacy protections."
"At Apple, we believe privacy is a fundamental human right, and we created App Tracking Transparency to give users a simple way to control whether companies can track their activity across other apps and websites. These rules apply equally to all developers, including Apple, and have been embraced by our customers and praised by privacy advocates and data protection authorities around the world, including the Garante," Apple told BleepingComputer.
"We strongly disagree with the ICA’s decision, which disregards the important privacy protections ATT provides in favor of ad tech companies and data brokers who want unfettered access to users’ personal data. We will continue to defend strong privacy protections for our users as we appeal."
In April, Apple was also fined €150 million ($162 million) by France's antitrust watchdog for using the ATT privacy framework to abuse its dominant market position in mobile app advertising.
Similar investigations are ongoing in Poland, and Apple also moved to change the ATT consent prompt at the German regulator's request in early December to address antitrust concerns.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.