Governance & Risk Management , Privacy

Apple Fined 8 Million Euros for Privacy Violations in France

French Data Protection Agency Says Apple Lacked Consent for Ad Personalization
Apple Fined 8 Million Euros for Privacy Violations in France
Image: Shutterstock

The French data privacy agency has fined Apple 8 million euros for an ad personalization tracker that violated the country's privacy laws. The agency says the fine was lower, in part, because Apple has addressed the issue.

See Also: Using the Netskope HIPAA Mapping Guide

After a two-year investigation, the National Commission on Informatics and Liberty - known as CNIL - fined Apple Distribution International for failing to legally collect the consent of customers using the French version of the Apple iOS 14.6 platform.

The agency, which launched its investigation in 2021 based on a complaint, found that Apple automatically enabled trackers used for ad personalization as a default setting without obtaining users' consent when the French users of older 14.6 iOS devices visited the App Store.

"The user had to perform a large number of actions in order to deactivate this setting," the agency said.

This feature violated the provisions relating to identifiers that fall within the scope of the ePrivacy directive of the French Data Protection Act, CNIL says.

Apple did not immediately respond to a request for comment from Information Security Media Group.

The agency says the fine was calculated based on the number of Apple French users in France, profits the company made from its advertising revenues tied to the identifiers and "the fact that the company has reached compliance."

The French agency is known to actively pursue tech companies that have misleading user data and cookie policies. In December, it fined Microsoft Ireland 60 million euros for misleading cookie policies. Prior to that, it fined Facebook 60 million euros for not allowing users to refuse tracking cookies.

The latest fine against Apple comes as the Irish Data Protection Commission announced a 390 million euro fine against Meta Ireland for ad personalization that violated the user consent clause stipulated under the European General Data Protection Regulation (see: Irish Privacy Watchdog Fines Meta 390 Million Euros for Ads).


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.