Apple to Appeal Italy's $116M Fine for Antitrust Breaches Related to App Tracking Transparency
Apple's App Tracking Transparency (ATT) policy, which sets privacy rules for third-party developers of apps offered on the App Store, violates EU antitrust rules, the Italian Competition Authority (ICA) said Monday, fining the company more than 98.6 million euros ($116 million).
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
However, Apple will "continue to defend strong privacy protections for our users as we appeal," a spokesperson emailed us Tuesday. The company created ATT to give users a simple way to control whether companies can track their activity across other apps and websites, it said. The rules apply to all developers, including Apple, "and have been embraced" by customers and "praised by privacy advocates and data protection authorities around the world," including Italian DPA Garante.
Apple has marketed itself as strong on privacy with tools like ATT, which require users to choose with every app they use if they want to allow tracking. However, on Monday, the Italian regulator found that Apple breached the Treaty on the Functioning of the EU "in the market for the supply to developers of platforms for online distribution of apps to iOS users," a market where the company holds a "super-dominant position through its App Store."
"Apple’s conduct amounts to an exploitative abuse ... that started in April 2021 and is still ongoing," the ICA's executive summary stated.
An investigation by the ICA, European Commission, other national competition authorities and the Italian DPA found that the privacy rules imposed by Apple on third-party app developers are restrictive.
In particular, the ICA said, third-party developers of apps distributed through the App Store are required to obtain specific consent for the collection and linking of data for advertising purposes through Apple's ATT prompt. However, it said, the prompt doesn't comply with privacy law requirements because it forces developers to double the consent request for the same purpose.
The ATT policy's terms are imposed unilaterally and harm Apple's commercial partners, the ICA said. The terms are also disproportionate to achieving the company's stated data protection objectives, it said.
Since user data is a key point for online personalized advertising, the double consent requirement restricts collection, linking and use of such data, hurting developers whose business model relies on the sale of advertising space as well as advertisers and advertising intermediation platforms.
The authority noted it didn't "in any way challenge Apple's potentially legitimate decision to adopt safeguards designed to strengthen -- also beyond what is strictly necessary -- the protection of users' privacy within the iOS system."
Apple, however, should have ensured the same level of privacy protection for users by allowing developers to obtain consent to profiling in a single step, the watchdog said.