Governance & Risk Management , Privacy
Apple Fined 8 Million Euros for Privacy Violations in France
French Data Protection Agency Says Apple Lacked Consent for Ad PersonalizationThe French data privacy agency has fined Apple 8 million euros for an ad personalization tracker that violated the country's privacy laws. The agency says the fine was lower, in part, because Apple has addressed the issue.
See Also: Using the Netskope HIPAA Mapping Guide
After a two-year investigation, the National Commission on Informatics and Liberty - known as CNIL - fined Apple Distribution International for failing to legally collect the consent of customers using the French version of the Apple iOS 14.6 platform.
The agency, which launched its investigation in 2021 based on a complaint, found that Apple automatically enabled trackers used for ad personalization as a default setting without obtaining users' consent when the French users of older 14.6 iOS devices visited the App Store.
"The user had to perform a large number of actions in order to deactivate this setting," the agency said.
This feature violated the provisions relating to identifiers that fall within the scope of the ePrivacy directive of the French Data Protection Act, CNIL says.
Apple did not immediately respond to a request for comment from Information Security Media Group.
The agency says the fine was calculated based on the number of Apple French users in France, profits the company made from its advertising revenues tied to the identifiers and "the fact that the company has reached compliance."
The French agency is known to actively pursue tech companies that have misleading user data and cookie policies. In December, it fined Microsoft Ireland 60 million euros for misleading cookie policies. Prior to that, it fined Facebook 60 million euros for not allowing users to refuse tracking cookies.
The latest fine against Apple comes as the Irish Data Protection Commission announced a 390 million euro fine against Meta Ireland for ad personalization that violated the user consent clause stipulated under the European General Data Protection Regulation (see: Irish Privacy Watchdog Fines Meta 390 Million Euros for Ads).