CNIL Fines Apple 8.5M Euros

January 7, 2023

The CNIL's restricted committee imposed an administrative fine of 8 million euros on the company APPLE DISTRIBUTION INTERNATIONAL because it did not collect the consent of iPhone's French users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals.

Background information

Following a complaint concerning the ad personalization in the App Store, the CNIL carried out several investigations in 2021 and 2022 in order to verify compliance with the applicable regulations.

The CNIL services found that under the old version 14.6 of the operating system of the iPhone, when a user visited the App Store, identifiers used for several purposes, including personalization of ads on the App Store, were by default automatically read on the terminal without obtaining consent.

The breach of the French Data Protection Act

Due to their advertising purpose, these identifiers are not strictly necessary for the provision of the service (the App Store). Therefore, they must not be read and/or deposited without the user's prior consent. However, in practice, the advertising targeting settings available from the "Settings" icon of the iPhone were pre-checked by default.

Moreover, the user had to perform a large number of actions in order to deactivate this setting, since this option was not included in the initialization process of the phone. Therefore, the user had to click on the "Settings" icon of the iPhone, then go to the "Privacy" menu and finally to the section entitled "Apple advertising". These elements did not allow to collect the prior consent of users.

Consequently, the restricted committee, the CNIL's body responsible for issuing sanctions, found a breach of Article 82 of the French Data Protection Act and imposed a fine of 8 million euros on APPLE DISTRIBUTION INTERNATIONAL, which was made public.

It explained this amount by the scope of the processing limited to the Apple Store, the number of people concerned in France, the profits the company made from advertising revenues indirectly generated from data collected by these identifiers and the fact that since then, the company has reached compliance.

Terms of Use | Copyright 2001 - 2023 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement