The Partners of Kiełtyka Gładkowski KG Legal took part in the webinar concerning the iOS update (14.5) and its consequences for users’ privacy and third-party providers. The speaker was Tom Southern, the Country Offering Manager & Lead Solution Engineer at OneTrust.
While the usage of mobile apps has grown over the pandemic, the focus on privacy has shifted from cookies and websites to mobile apps. The plans to phase out third-party cookies aren’t a novelty in the industry – even Google has announced its plans to do so – but creating an opt in system for third party data collection across the apps in all countries (App Tracking Transparency – ATT) (no matter the country regulations) is a novelty. It is important, as many app developers use a third party to fully develop their app – for example, they may use a vendor to process the in-app payments. Not many users know what data is being collected by the third party.
Not only every app in the Apple App Store has to list all the third parties that collect data – now the user has to give their consent for their data to be shared with the third party. The screen asking for consent appears only once in every app but it’s impossible to skip the step. The choice can be however changed later in the Settings. The company chose to adapt the opt in model, where it is assumed the user does not give consent for their data to be shared unless explicitly being told otherwise. It is important, since in many regions, like United States of America, the opt out option, or assumed consent, is the norm. With the opt out option, the consent to share the data is assumed unless the user explicitly forbids it. The new resolution also applies to Apple TV apps.
Some of the app and add providers raised concerns over the recent iOS update, the biggest one coming from Facebook. A group of Germany’s largest media, tech and advertising companies has also accused Apple of antitrust abuse.
First and foremost, the general opinion of the third party data collection has been that it’s always used for personal gain and never benefits the app users. As some companies stated, the revenue coming from personalised advertising helps to make those apps free. On the other hand, since the iOS update, an explanation as to why a user should agree to share their data with third parties can – and oftentimes is – stated on the prompt asking for consent. It is therefore user’s own choice whether or not they think the benefits exceed the costs.
The ATT doesn’t apply to Apple, as it doesn’t share their data with anyone and uses it only for themselves. However, when it comes to personalised advertisement in Apple App Store, the company chose the opt-out approach.
It has also been brought to attention that some users couldn’t give their consent to share their data as their settings were switched permanently to disallow it.
The new resolutions
The industry has already developed new resolutions. While all the apps in the Apple App Store have to be approved by Apple, it is possible to create both pre-apple-prompt and post-apple-prompt personalised prompts, explaining in more detail why the user should agree to share their data. The post-apple-prompt ones, also known as contextual consent, ask the user to give consent for specific data in specific situations – for example, to give the app access to phone’s localisation or camera. While the Apple’s prompt overrides any decision made via the pre-apple-prompt, the post-apple-prompt directs the user to Settings, where they can change their preferences.
KIELTYKA GLADKOWSKI KG LEGAL on current basis advises on all aspects of data privacy and data protection regulations and prepares guidelines and policies for international Clients, based on Polish and EU law.