It’s an interesting ruling because it’s based purely on the user actively giving consent to targeted ads, and not how the operator obtains that information.
Why that matters is because it means any kind of customisation based upon the user’s actions is in breach the moment it is considered advertising. With many kinds of apps structured by expansions or subscription/service offerings this can become ripe territory for breaches.
This differs from the Google/Facebook fines because those properties serve you ads from data that is gathered from non-Google/non-Facebook properties. i.e Invasive tracking.
That said it’s now moot, since Apple quickly updated the software to include a prompt to the user - that’s also why the fine is 10-20x smaller than what Google and Meta received.
The law doesn’t have a real-world equivalent, since this is like fining a clothing store for approaching a customer with complementary items. “Hey you’re looking at scarves we also have these nice fine leather jackets.” Versus the Google/Meta approach of “Here’s coats, because a little birdy told us you liked photos of a ski chalet.”
The slippery slope here is that all apps will get a click through that is ultimately ignored by the user. A lot like how the web is currently a mess with constant cookie/tracker authorisation prompts. What they need to do is not put the onus on the user, and just identify what they believe is bad behaviour and outlaw that entirely.
> The slippery slope here is that all apps will get a click through that is ultimately ignored by the user.
The key part is that the click-through should give you an option to decline, and the GDPR mandates that you can't use dark patterns or any other methods to sway the choice either way, so it should be as easy to decline than to accept. That seems good.
This is very, very interesting, because as I understand it, it sees the EU "cookie rule" being applied directly to the OS; no (traditional) cookies involved. Microsoft Windows could well be next.
Equally though, GDPR (and predecessor or adjacent legislation) isn't specifically about cookies - common parlance is to refer to it as the "cookie law", but usually it's the ePrivacy Directive that covers cookie use, and it also covers any other kind of identifier that is being used for a purpose other than merely getting bits and bytes to the end user.
Therefore it isn't a huge surprise from a legal perspective, as the legislation is technology agnostic, but it is nonetheless good to see enforcement being carried out, as it helps to remind everyone that the principles of the legislation aren't limited to cookies, and apply to use of identifiers and the act of tracking.
It’s an interesting ruling because it’s based purely on the user actively giving consent to targeted ads, and not how the operator obtains that information.
Why that matters is because it means any kind of customisation based upon the user’s actions is in breach the moment it is considered advertising. With many kinds of apps structured by expansions or subscription/service offerings this can become ripe territory for breaches.
This differs from the Google/Facebook fines because those properties serve you ads from data that is gathered from non-Google/non-Facebook properties. i.e Invasive tracking.
That said it’s now moot, since Apple quickly updated the software to include a prompt to the user - that’s also why the fine is 10-20x smaller than what Google and Meta received.
The law doesn’t have a real-world equivalent, since this is like fining a clothing store for approaching a customer with complementary items. “Hey you’re looking at scarves we also have these nice fine leather jackets.” Versus the Google/Meta approach of “Here’s coats, because a little birdy told us you liked photos of a ski chalet.”
The slippery slope here is that all apps will get a click through that is ultimately ignored by the user. A lot like how the web is currently a mess with constant cookie/tracker authorisation prompts. What they need to do is not put the onus on the user, and just identify what they believe is bad behaviour and outlaw that entirely.
> The slippery slope here is that all apps will get a click through that is ultimately ignored by the user.
The key part is that the click-through should give you an option to decline, and the GDPR mandates that you can't use dark patterns or any other methods to sway the choice either way, so it should be as easy to decline than to accept. That seems good.
This is very, very interesting, because as I understand it, it sees the EU "cookie rule" being applied directly to the OS; no (traditional) cookies involved. Microsoft Windows could well be next.
Equally though, GDPR (and predecessor or adjacent legislation) isn't specifically about cookies - common parlance is to refer to it as the "cookie law", but usually it's the ePrivacy Directive that covers cookie use, and it also covers any other kind of identifier that is being used for a purpose other than merely getting bits and bytes to the end user.
Therefore it isn't a huge surprise from a legal perspective, as the legislation is technology agnostic, but it is nonetheless good to see enforcement being carried out, as it helps to remind everyone that the principles of the legislation aren't limited to cookies, and apply to use of identifiers and the act of tracking.