French start-up accuses Apple of violating EU privacy law

A French start-up lobbying group on Tuesday filed a complaint against Apple, alleging that the tech giant’s newest software does not comply with European Union privacy laws. 

In the seven-page complaint obtained by Reuters, France Digitale argued that default settings on Apple’s latest operating software, iOS 14, allow the company to carry targeted ad campaigns based on user data without explicitly asking for prior consent.

The lobbying group, which represents a large share of France’s digital entrepreneurs and venture capitalists, did acknowledge though that iPhone users are asked to grant permission to mobile apps to gather information for developing targeted ads. 

Under current EU privacy law, however, all organizations must ask online users if they consent to having some data obtained through the use of online trackers or other tools. 

France Digitale also argued in the complaint that Apple’s tracking function is able to collect data on users to share with affiliated companies without receiving explicit permission ahead of time. 

France Digitale CEO Nicolas Brien told CNBC Tuesday, “Our suspicion is that this is a very severe breach of our privacy regulations,” including breaches of Europe’s General Data Protection Regulation and the Electronic Privacy Directive, also known as the e-Privacy directive.

“Our problem here is that you don’t get the choice to consent,” Brien added. “It’s automatically on and that’s strictly forbidden by GDPR and e-Privacy.”

The lobby group called on the independent French data privacy watchdog CNIL to investigate the claims. 

A CNIL spokesperson told CNBC Tuesday that it had received France Digitale’s complaint and planned to pursue an investigation.

Apple pushed back on the claims, writing in a statement to The Hill, “The allegations in the complaint are patently false and will be seen for what they are, a poor attempt by those who track users to distract from their own actions and mislead regulators and policymakers.” 

“Transparency and control for the user are fundamental pillars of our privacy philosophy, which is why we’ve made App Tracking Transparency equally applicable to all developers including Apple,” the company added. “Privacy is built into the ads we sell on our platform with no tracking.”

“We hold ourselves to a higher standard by allowing users to opt out of Apple’s limited first-party data use for personalized advertising, a feature that makes us unique.”

Tuesday’s complaint comes after Twitter in December became the first U.S. tech firm to be fined for violating the EU’s General Data Protection Regulation, which went into effect in 2018. 

Ireland’s Data Protection Commission said at the time that it was fining Twitter 465,000 euros, about $546,000, for not promptly disclosing or documenting a data breach in 2019 within 72 hours, as required under the new EU law.