A group led by Austrian privacy activist Max Schrems has filed complaints with the German and Spanish data protection authorities against Apple’s online tracking tool.
The tracking tool under criticism allows iPhones to store user data without their permission which is in violation of European law.
It is a first of its kind significant action against the US technology company with respect to the privacy laws of the European Union.
The iPhone maker claims that it offers the highest degree of privacy protection for users. With the launch of its iOS 14 operating system this year, the company announced it would further tighten its rules, but in September it said it would delay the plan until early next year.
Digital rights group Noyb’s complaints were filed against Apple’s use of a tracking code, the so-called Identifier for Advertisers (IDFA), that is automatically generated on every iPhone when it is set up.
The code, stored on the device, enables Apple and third parties to monitor the online activity and consumption preferences of a user. This is important for companies like Facebook to be able to deliver targeted advertising that would interest the user.
“Apple places codes that are comparable to a cookie in its phones without any consent by the user. This is a clear breach of European Union (EU) privacy laws,” said a lawyer associated with Noyb.
He referred to the EU e-Privacy Directive, which requires the prior permission of the user to have such information used.
The new rules planned by Apple would not alter this, since they would limit access to third parties, but not Apple. According to data, Apple accounts for one in every four smartphones sold in Europe.
Noyb, a privacy advocacy group led by Mr. Schrems who has successfully fought two landmark trials against Facebook, said the allegations were made on behalf of individual German and Spanish users and handed over to the Spanish data protection authority and its counterpart in Berlin. In Germany, each federal state has its own data protection authority, unlike Spain.
Lawyers argued that the case was not about high fines, but rather to establish a clear principle by which “tracking must be the exception not the rule. The IDFA should not only be restricted, but permanently deleted.”
Under the e-Privacy Directive, national data protection authorities have the power to directly fine companies for violating European law.
Noyb, which lodged a number of lawsuits in Ireland against Facebook and Google, argued that the National Data Protection Commission was slow to take action and said they hoped that the Spanish and German authorities would act faster.