BERLIN (Reuters) – On Monday, a group led by privacy activist Max Schrems filed complaints with Apple against German and Spanish data officials. AAPL.O Online tracking tool, alleging that it allows iPhones to store users’ data without their consent in violation of European law.
This is the first major such action against the American Technology Group in relation to the EU’s privacy regulations.
Apple did not immediately respond to a request for comment.
The California tech giant says it offers users a superior level of privacy protection. The company had announced that it would tighten its rules with the launch of its iOS 14 operating system this autumn but in September it said it would delay the plan until early next year.
Complaints made by digital rights group Noyb were brought by Apple against the use of a tracking code that is automatically generated when it is set on every iPhone, so-called Identifier for Advertisers (IDFA).
The code, stored on the device, allows Apple and third parties to track a user’s online behavior and consumption preferences – critical to Facebook’s choice FB.O Must be able to send targeted advertisements that will interest the user.
“Apple maintains codes that are equivalent to a cookie on its phone without any consent by the user. This is a clear violation of the privacy laws of the European Union, ”said Noyeb’s lawyer, Stefano Rosetti.
Rosetti referred to the e-Privacy Directive of the European Union, which requires the user’s prior consent for the establishment and use of such information.
Apple’s planned new rules will not change this as they will restrict access to third parties but not Apple’s.
According to Counterpoint Research, one out of every four smartphones sold in Europe has Apple.
As claims were submitted to an individual German and Spanish consumers and to the Spanish Data Protection Authority in Berlin and its counterpart, Aubrey Scremes-led privacy advocacy group Noeb has successfully fought two landmark trials with Facebook.
In Germany, unlike Spain, each federal state has its own data protection authority.
Both officials did not immediately respond to requests for comment.
Rossetti said the action was not about high fines, but rather aimed at establishing a clear principle, according to which “tracking should be the exception, not the rule”.
“The IDFA should not only be banned, but permanently removed,” he said.
National data protection authorities have the power to directly fine companies for violating European law under the E-Privacy Directive.
Noyb, who has filed several complaints against Facebook and Google GOOGL.O In Ireland and complained that the National Data Protection Commission is slow to take action, said it expects Spanish and German authorities to act more quickly.
Reporting by Kirsti Knolle. Editing by Jane Merriman and Louise Havens