Another day, another lawsuit (or at least a legal complaint or two). Apple’s ad tracking is the target of two complaints to Spanish and German authorities by privacy advocate Noyb (None of Your Business), reports Bloomberg.
The group, founded by privacy activist Max Schrems, is accusing the tech giant of unlawfully installing a so-called identifier for advertisers (IDFA) on its devices. The service helps Apple and apps track users’ behavior and their consumption preferences without their consent, the group said.
“With our complaints we want to enforce a simple principle: trackers are illegal, unless a user freely consents,” Noyb lawyer Stefano Rossetti told Bloomberg. “Smartphones are the most intimate device for most people and they must be tracker-free by default.”
Each iPhone comes with an individual IDFA, which behaves much as a browser cookie does on computers, letting third parties identify the user. The basis of Schrems’ case is that, under EU law, individuals must consent to this tracking, but IDFA is activated by default inside iOS.
The identifier for advertisers, or IDFA, is the only means for advertisers to precisely target and track users within apps on iOS devices. Think of an IDFA as something like a cookie that is tied to devices instead of browsers: it enables an advertiser to get notified when a user of a phone has taken an action like clicking on their ad in a browser and then installing, using, or interacting with ads in their app.
As noted by the Invoca Blog, the identifier is used in non-browser apps, which never had support for cookies. IDFAs only provide advertisers data in aggregate and no individually identifiable data is available.
“Seemingly contrary to Apple’s renewed focus on privacy, every iPhone that Apple ships comes assigned with a unique IDFA which allows advertisers to indefinitely track user interaction and use that information to build user profiles that are attached to that device,” Owen Ray writes for Invoca Blog. “Unlike browser cookies, which have (or should I say, had) a very short lifespan, an IDFA can be much more long-lived, as the identifier is static unless the user manually resets it. One can assume that this is only done by advanced users and the extremely privacy-minded — making it a durable and even semi-permanent identifier across the app ecosystem.”