Apple can't force app makers to get consent twice to track user data, Italian regulator says.
See full article...
See full article...
Apple hit with $115M for “extremely burdensome” App Store privacy policy
- Thread starter JournalBot
- Start date
Am I the only one who feels like this one is a bit of a miss?
There should be less tracking and personalized ads, not more, and I don't like Apple getting punished for doing something that nudges users towards more privacy-respecting settings.
There should be less tracking and personalized ads, not more, and I don't like Apple getting punished for doing something that nudges users towards more privacy-respecting settings.
Upvote
309
(330
/
-21)
A possible outcome here is for Apple to require that the system level approval for tracking to be the ONLY approval allowed.
I somehow don’t think that’s what the plaintiffs (and then courts) had in mind, however…
Edit : to do that, then Apple would need to allow developer to see the allowances for tracking, which means that developers could then hide functionality behind allowing to track, which would not be in consumers interest…
Upvote
73
(74
/
-1)
Yeah this is a really
This is a user-hostile move that on its face looks to be pushing back against corporate overreach when it’s actually the opposite. People accidentally click to agree with horrible terms all the time just based on muscle memory and limited time in the day, to speak nothing of the battle against dark patterns making that even more difficult.
Requiring apps to double check that users didn’t really want to give all of their personal data away is a solid start in the right direction IMO.
Agreed.. what a very strange take from a government.
This is a user-hostile move that on its face looks to be pushing back against corporate overreach when it’s actually the opposite. People accidentally click to agree with horrible terms all the time just based on muscle memory and limited time in the day, to speak nothing of the battle against dark patterns making that even more difficult.
Requiring apps to double check that users didn’t really want to give all of their personal data away is a solid start in the right direction IMO.
Last edited:
Upvote
146
(156
/
-10)
I'm more in favor of anything that safeguards user data / choice, but Apple does have a weird tendency to do "rules for thee, not for me".
A few months back I signed up for a 3-month trial of Apple News. I went to immediately cancel it so it wouldn't auto-renew. For every trial of a third-party iOS app I have ever done, even after cancelling you retain access for the remainder of the trial period.
With Apple News though, cancelling would have caused me to immediately lose access. I had to set a calendar reminder a few days before it auto-renewed to cancel it. Felt very sketchy and I'm surprised Apple would blatantly privilege their own services in such a way with all the scrutiny being applied to them.
---
Edit: To reiterate, I am in support of anything that favors the user / privacy. My comment is about Apple requiring one thing of other developers while not imposing the same requirement on itself, which appears to be at least part of the legal findings with this story.
My anecdote about Apple subscriptions is another area where Apple grants themselves a privilege (revoking trial access immediately) which they do not grant to other iOS developers. See https://arstechnica.com/civis/goto/post?id=44151735.
A few months back I signed up for a 3-month trial of Apple News. I went to immediately cancel it so it wouldn't auto-renew. For every trial of a third-party iOS app I have ever done, even after cancelling you retain access for the remainder of the trial period.
With Apple News though, cancelling would have caused me to immediately lose access. I had to set a calendar reminder a few days before it auto-renewed to cancel it. Felt very sketchy and I'm surprised Apple would blatantly privilege their own services in such a way with all the scrutiny being applied to them.
---
Edit: To reiterate, I am in support of anything that favors the user / privacy. My comment is about Apple requiring one thing of other developers while not imposing the same requirement on itself, which appears to be at least part of the legal findings with this story.
My anecdote about Apple subscriptions is another area where Apple grants themselves a privilege (revoking trial access immediately) which they do not grant to other iOS developers. See https://arstechnica.com/civis/goto/post?id=44151735.
Last edited:
Upvote
6
(92
/
-86)
If the only way you can make money is from invasive data stealing ads than you need to change your business model.
Content aware ads should be enough. If your app is about motorcycles have motorcycle adjacent ads.
Content aware ads should be enough. If your app is about motorcycles have motorcycle adjacent ads.
Upvote
173
(179
/
-6)
I wonder if Meta and its peers are behind this. At least in the USA, it's not unusual to have big businesses "astroturf" by pushing for laws and/or court decisions in the name of "supporting small businesses".
The neoliberal wing of the Republican Party has made this strategy into a lifestyle: recruit support from small business owners upset about over-regulation, then turn around and help megacorps engage in regulatory capture.
Upvote
101
(112
/
-11)
I really have trouble justifying the idea that Apple can't set rules for its own store-- especially given the moves to force them to open up to third party app stores.
If the point of allowing other storefronts is to admit entrants with different policies (payments, compliance, and otherwise), it just seems strange to me to say that Apple now can't enforce policies on its own store; essentially, wasn't the point of making iOS more store-agnostic precisely so that their monopolistic hold on app distribution would be weakened?
This feels like overreach when we already have a remedy.
If the point of allowing other storefronts is to admit entrants with different policies (payments, compliance, and otherwise), it just seems strange to me to say that Apple now can't enforce policies on its own store; essentially, wasn't the point of making iOS more store-agnostic precisely so that their monopolistic hold on app distribution would be weakened?
This feels like overreach when we already have a remedy.
Upvote
115
(130
/
-15)
Yes.
Especially because once you build the panopticon, it gets used—with or without the intentions of the original implementers. Its data can be sold, stolen, and taken under duress (by governments, for instance).
The only safe thing is not to create that data in the first place—which is why surveillance ad tech should not be allowed.
Upvote
81
(82
/
-1)
In the context of video streaming or “newspaper” services, my experience has been otherwise: a free or reduced cost trial typically was terminated immediately upon cancellation.
Apple News is being treated as a service more than an app, I guess.
Upvote
29
(35
/
-6)
Many moons back, I worked at a large trucking company, doing logistics work for them. I ended up on a panel/working group for their implementation of new safety technologies, most as a nominal representative for my department within the company. (The tech was digital driver logs and tracking, for anyone curious—"e-logs" of the driver's driving time, sleep time, etc., intended to restrict driver hours and enforce adequate sleeping periods.)
They were completely open about the fact that they hoped to get the very expensive technology mandated by law (it eventually was), because they were confident that it would drive large numbers of smaller competitors out of business due to the cost of regulatory compliance (it did).
Big companies are often the ones that push for onerous regulatory burdens, because they can absorb them, and the smaller nimbler competitors they fear often cannot.
ETA: and this was a best case scenario! because e-logs really did make the industry safer, by reducing the rampant paper log fraud that truck drivers used to drive 400-500 miles a day on very little sleep. Many pushed for regulatory burdens have little to no useful purpose.
Last edited:
Upvote
84
(84
/
0)
Easy fix. One time “The Italian Government wishes to make things easy for you with a one time permission which will allow all apps to read all your personal data. Do you agree to share your private data with every app you install?”
Upvote
25
(33
/
-8)
Only 2 yes buttons? There should be at least an "are you sure?" followed by an "are you REALLY sure?".
Upvote
-7
(9
/
-16)
Correct. The issue with the supposedly anti-competitive "double prompt" is that Apple was prompting some users twice- once to be tracked (which Apple itself had to prompt for in its own apps) and once for the tracking to be handed over to a 3rd party as per EU regulations (eg Facebook or Google). The second prompt did not affect Apple's apps as Apple does all their tracking in-house, so Apple apps only prompt once.
The "anti-competitive" aspect here is that the EU believes it is impossible for small developers to take advantage of tracking in-house. Ie they are somehow "forced" to hand your data over to Google and FB whereas big bad Apple is not by virtue of its size. Thus it is "unfair" for the prompts to point out who is selling your data to a 3rd party and who isn't.
The solution the EU wants is for a single prompt allowing you to be both tracked and have your data sold to a 3rd party. That prompt would then apply to Apple's own apps, making everyone "equal". However Apple believes that there is a distinction between allowing a trusted company to track you and allowing that company to sell your data to the whole web. Unfortunately, the EU doesn't get it.
Upvote
85
(96
/
-11)
When I am about to download a new app, the first thing I scroll to is the privacy nutrition label.
If the app has a clear overreach in tracking requirements and the developer isn't trustworthy (or haven't been so far), I do not download. Simples.
If an app has no (or absolute minimal) tracking and is clear about what they track in their privacy policy and require a payment, I'm more likely to do that.
If the app has a clear overreach in tracking requirements and the developer isn't trustworthy (or haven't been so far), I do not download. Simples.
If an app has no (or absolute minimal) tracking and is clear about what they track in their privacy policy and require a payment, I'm more likely to do that.
Upvote
17
(21
/
-4)
AI is cool i guess
Wise, Aged Ars Veteran
lol, this is peak regulatory brainrot.
regulators spent years screaming about privacy (gdpr), but the second a tech company builds a tool that actually stops tracking (att), they fine them for "harming ad revenue."
let that sink in. they are fining apple because apple made it too easy for users to say "no" to surveillance.
the regulator is explicitly siding with the data brokers here. they are admitting that their preferred version of "privacy" is a cookie banner you blindly click "accept" on, not a system-level toggle that actually cuts the data pipe.
they don't want privacy. they want compliance theater. apple disrupted the theater by giving users actual agency, and the regulators panicked because it hurt the rent-seekers.
$115m is a parking ticket, but the message is clear: "do not disrupt the grift."
regulators spent years screaming about privacy (gdpr), but the second a tech company builds a tool that actually stops tracking (att), they fine them for "harming ad revenue."
let that sink in. they are fining apple because apple made it too easy for users to say "no" to surveillance.
the regulator is explicitly siding with the data brokers here. they are admitting that their preferred version of "privacy" is a cookie banner you blindly click "accept" on, not a system-level toggle that actually cuts the data pipe.
they don't want privacy. they want compliance theater. apple disrupted the theater by giving users actual agency, and the regulators panicked because it hurt the rent-seekers.
$115m is a parking ticket, but the message is clear: "do not disrupt the grift."
Upvote
62
(78
/
-16)
Apple actually has the opportunity to genuinely fix the ad-infested world of apps, if they want to take it.
Imagine for a moment if you could subscribe to 'no ads' system wide for a few dollars a month. Anyone using the ad API would instead get a flag saying you're a subscriber, and paid the same amount as if they had served an untargeted ad, provided they did not actually serve up an ad. The end user pays the $5/month or whatever, and that provides a pool of money to pay those ad impression fees.
There's obviously a lot of details to figure out for this to happen, but they are already doing it with games so it's entirely possible.
Imagine for a moment if you could subscribe to 'no ads' system wide for a few dollars a month. Anyone using the ad API would instead get a flag saying you're a subscriber, and paid the same amount as if they had served an untargeted ad, provided they did not actually serve up an ad. The end user pays the $5/month or whatever, and that provides a pool of money to pay those ad impression fees.
There's obviously a lot of details to figure out for this to happen, but they are already doing it with games so it's entirely possible.
Upvote
40
(40
/
0)
I would like to be able to require developers to ask once if they can collect my data, and then to actually never ask nor attempt to do so after I tell them no.
Upvote
51
(51
/
0)
That's been the opposite of my experience. Spotify, discord, netflix, crunchyroll (even their 7 day trial things), and all the major subscriptions lets you have the rest of the x day trial/x months introductory offer/etc...
Upvote
26
(27
/
-1)
Maybe this judgment has some merit taken in isolation but frankly “developers whose business model relies on the sale of advertising space, as well as advertisers and advertising intermediation platforms.” will get no sympathy from me. Democratic polities should be seeking to reduce and eliminate these business models not proping them up.
Upvote
35
(37
/
-2)
When you pay for a subscription it runs until the cancel date when canceled. If it's completely free then it usually cancels immediately because it's a marketing tool. (see; there's no such thing as a free lunch) They give you that free subscription so you subscribe to the service, it's not out of the goodness of their hearts. They want you to forget to cancel, it's the whole point. The process is completely transparent as you found out when you tried to cancel early and were warned that cancellation would be immediate.
I dislike the entire concept of selling your privacy for an app. Most consumers have no idea how sophisticated the data brokers are or how much they actually know about you. I'd have no problem if Apple instituted a policy of not selling of data to third parties at all, the same policy they set for themselves.
Can you enlighten me about policies that Apple has that doesn't apply to them but applies to app developers?
Last edited:
Upvote
32
(35
/
-3)
The issue here is that targeted ads are worth a lot of money, and the EU wants 3rd party apps to have that option. Thus a no-ads system that paid out at the much lower untargeted rate would not satisfy the EU.
You are also way off on $5 / month for everything to be ad free. The ads on Disney Plus Standard alone are worth $7 / month. Based on that, an ad free version of your whole life would probably be several hundred a month and have few takers.
Apple Arcade is hardly a thriving service.
Upvote
-6
(10
/
-16)
You don't understand what the issue is here. The second layer of consent is for the app maker to sell the data to a 3rd party, such as Google or FB. Apple doesn't do that, so there is no reason to force Apple to double consent. The EU claims it is impossible for small devs to compete without selling your data, ie that only big companies like Apple are capable of using user data internally for profit.
Upvote
38
(44
/
-6)
Fuck italian regulators, hold apple to the same consent they ask of other developers but don't fukcing make it easier for us to be scammed out of our privacy
Upvote
-16
(5
/
-21)
It's a sad reality, but the bigger the gov, the bigger the corporations. That's because it takes a big corporation to lobby and influence a big government. In this case, FB and Google have convinced the EU bureaucracy that indie app developers could never make a living without selling user data to them for targeted ads. And if everything stayed as it is today, that would probably be true.
But what the bureaucrats are too blind to see is that if nobody was allowed to sell their users' data to a 3rd party, the market would eventually adjust. Either the cost of non-targeted ads would go up (because targeted ads would no longer be available) or people would pay a little more for their app upfront or whatever. It's highly unlikely that a world without Google, FB, and their ilk would actually be a world devoid of indie apps.
Upvote
25
(26
/
-1)
Yet another comment not understanding why the double consent doesn't apply to Apple. Ars should really explain this in the article next time. Here you go:
Upvote
30
(35
/
-5)
They're not nudging users towards more privacy-respecting settings. They're nudging developers toward privacy respect - and that's the perceived problem... where developers are concerned.
Apple are correct.
Upvote
25
(30
/
-5)
Like I said, details to figure out. It was an offhand comment more than a robust proposal.
My initial take was also a bit of an overstatement. I didn't assume it would remove ads in media streaming services, just all the utility apps that get ads or which have subscriptions. Likely it couldn't eliminate ads in social media apps either. However this is of course not what I wrote and you responded to.
It would represent a middle ground between 'live with ads in these apps I use a few minutes a day' and 'subscribe to those apps for $15/year or whatever they charge'. Right now I'm subscribing to about $4/month worth of apps in this category, which is what drove my $5/month guess. I don't want ads in my weather, workout, password database, etc apps, but right now it's a messy nest of subscriptions.
My first thought was actually 'let me pay your ad impression rate directly' but that would likely result in bizarre abuse.
Upvote
2
(3
/
-1)
I'm sure this is not universally true. I've only ever subscribed to Netflix, Amazon Prime, Disney+ and Paramount+ as part of a free 30-day promotion. And once I cancelled, the service remained accessible till the end of the 30 days. The cancellation pages all even listed the last date of service.
It may well be that many other services may terminate access immediately, but the 'till end of promotional period' service seems pretty common.
Upvote
9
(12
/
-3)
Upvote
-10
(9
/
-19)
Except that companies don’t make that much from showing ads and selling user data. There was an article on Ars some time ago about Facebook falling foul of EU rules and that they must offer an alternative to personalised ads. The subscription cost Meta tried to charge was far higher than their revenue divided by their number of active users. These companies clearly value user data harvesting more than the direct financial benefit they gain from it.
Upvote
12
(15
/
-3)
Upvote
13
(13
/
0)
Apple don't require double consent for anybody.
Apple requires a single consent for everybody including themselves.
The second consent is required by the EU.
Upvote
45
(48
/
-3)