Apple utilized a presentation to European legislators and data protection authorities to address what SVP Craig Federighi characterized as inaccurate and exaggerated assertions made by the advertising technology sector regarding an upcoming iOS modification that will allow users to opt-out of app tracking. 

The iPhone manufacturer had initially planned to launch this significant privacy improvement within the App Store this autumn, but postponed its implementation until early 2021 following objections from major advertising companies.

For instance, Facebook cautioned that this change could substantially affect app developers who depend on its in-app advertising network for revenue generation on iOS, as well as potentially impacting its own financial performance.

Subsequently, four advertising industry associations filed an antitrust lawsuit against Apple in France, aiming to prevent the privacy enhancements based on competition concerns.

However, Apple unequivocally stated today that it remains resolute in its position.

Federighi identified online tracking as the most substantial threat to privacy, asserting that the forthcoming App Tracking Transparency (ATT) feature represents “the primary defense of user privacy” from Apple’s perspective.

“Previously, the right to privacy—the right to maintain control over personal information—has never faced such a severe challenge. As external privacy threats continue to develop, our efforts to counteract them must evolve accordingly,” he stated during his address to the European Data Protection & Privacy Conference.

The purpose of ATT is “to give our users the agency to determine whether and when an app can track their activity in a manner that could be shared across other companies’ applications or websites”, as explained by Federighi.

Concerns within civil society regarding the adtech industry’s tracking practices center on the notion of widespread, largely invisible surveillance of internet users.

Potential harms associated with this practice encompass the possibility of discrimination, the manipulation of vulnerable populations, and interference with democratic processes, among other issues.

Federighi directly challenged these practices, echoing a term used by Apple’s CEO Tim Cook in a 2018 speech to a previous European privacy conference.

“The extensive centralization of data introduces risks to privacy—regardless of the entity collecting it or their intentions,” he cautioned. “Therefore, Apple believes it should possess as little data as possible about its customers. Conversely, others adopt a different strategy.

“They accumulate, sell, and retain as much of your personal information as they can. This results in a data-driven ecosystem, where covert entities attempt to penetrate the most personal aspects of your life and exploit any information they uncover—whether to promote a product, influence your beliefs, or engage in more harmful activities.”

Since Cook addressed EU lawmakers, criticizing the “data-industrial complex” and simultaneously praising Europe’s privacy-focused digital regulations, numerous individual and collective complaints have been filed against the adtech infrastructure supporting behavioral advertising under the EU’s General Data Protection Regulation (GDPR).

Despite this, regulatory bodies in the region have yet to take any enforcement measures regarding these adtech complaints. Modifying the established practices of cookie-based tracking is proving to be a complex undertaking.

While the adtech lobby may have found encouragement in recent statements by Commission EVP and competition chief, Margrethe Vestager—who informed the OECD Global Competition Forum that antitrust authorities should be “vigilant to ensure privacy is not used as a pretext against competition”—there was a caveat as she voiced support for a ‘superprofiling’ case against Facebook in Germany, which uniquely combines privacy and competition considerations, with Vestager describing this regulatory approach as “inspiring and interesting”.

Federighi encouraged European lawmakers to remain steadfast in their commitment to privacy.

“Through GDPR and other policies—many of which have been implemented by Commissioner Jourová, Commissioner Reynders, and others present today—Europe has demonstrated to the world what a privacy-respecting future could entail,” he said, offering praise that is highly valued in Brussels.

He also reaffirmed Apple’s support for a GDPR-inspired “comprehensive privacy law in the U.S.”—a concept Cook advocated for two years ago—namely, a law that “allows consumers to limit the collection of their data; to understand when and why it is being collected; to access, modify, or delete that data; and to ensure its security”.

“It is evident that some companies will attempt to prevent [ATT]—or any similar innovation—and maintain their unrestricted access to individuals’ data. Some have already begun to make unsubstantiated claims, such as suggesting that ATT—which empowers users to control tracking—will somehow lead to increased privacy violations,” he continued, further criticizing Apple’s adtech opponents.

“We are highly skeptical of these claims. However, that will not deter these companies from presenting misleading arguments to achieve their objectives. We need the world to recognize these arguments for what they are: a blatant effort to preserve the privacy-compromising status quo.”

In a further direct appeal to EU lawmakers, Federighi suggested ATT “aligns with both the principles and requirements of the ePrivacy Directive, and the proposed updates in the draft ePrivacy Regulation”—demonstrating a nuanced understanding of the (often challenging) process of EU policymaking. (The ePrivacy update has been delayed for several years—so the implication in Apple’s appeal is that its technology could facilitate progress on the EU’s stalled policy initiatives.)

“ATT, like ePrivacy, is about granting individuals the ability to make informed decisions regarding their data. I hope that the lawmakers, regulators, and privacy advocates here today will continue to champion robust privacy protections like these,” he added.

Earlier in his speech, Federighi also made more straightforward points: Comparing ATT to the Intelligent Tracking Prevention (ITP) feature Apple integrated into its Safari browser in 2017—noting that despite similar objections from adtech at that time, the industry as a whole has experienced revenue growth annually since.

“Just as with ITP, some within the advertising industry are opposing these efforts—asserting that ATT will significantly harm ad-supported businesses. However, we anticipate that the industry will adapt as it did previously—delivering effective advertising, but this time without intrusive tracking,” he said.

“Naturally, some advertisers and technology companies would prefer that ATT is never implemented. When invasive tracking is your core business model, you are unlikely to welcome transparency and user choice,” he added, further criticizing the industry’s motivations for opposing greater choice and privacy for iOS users.

At the same time, Federighi acknowledged that the iOS change requiring user permission for app tracking “represents a significant departure from the current landscape”.

This change will likely create challenges for iOS developers during the transition period.

However, he firmly reiterated Apple’s position: He made it clear that Apple may enforce strict requirements for developers who do not comply with its user privacy upgrade program, warning: “Early next year, we will begin requiring all apps that intend to do so to obtain explicit permission from their users, and developers who fail to meet this standard may have their apps removed from the App Store.”

It was noteworthy that the speech included both specific appeals to regional lawmakers to maintain their course in regulating data and privacy; and broader appeals to (unspecified) competitors—to emulate Apple’s leadership and innovate around privacy.

However, if you are a technology company facing accusations of anti-competitive behavior from a self-interested adtech group, framing your desire for increased competition as a commitment to enhancing user privacy is a strategic response.

“We do not measure success by operating in isolation. When it comes to privacy protections, we are pleased to see our competitors adopt our practices or develop innovative privacy features that we can learn from,” said Federighi.

“At Apple, we are dedicated advocates for privacy protections for all users. We are delighted when people purchase our products. But we would also welcome robust competition among companies to develop the best, strongest, and most empowering privacy features.”

Of course, if more iOS developers become reliant on in-app subscriptions to generate revenue, due to users declining app tracking, it will result in increased revenue flowing through the App Store and directly to Apple. But that is a separate matter.

The Apple SVP also gently cautioned any EU policymakers considering the possibility of compromising end-to-end encryption—urging them to reinforce the bloc’s commitment to robust security.

The context here is that there has been recent discussion on this topic. Last month, a draft resolution from the Council of the European Union generated press coverage suggesting that EU legislators may be on the verge of prohibiting e2e encryption.

However, to be precise, the only ‘b’ word the Commission has used so far is ‘balanced’—when it stated that its new EU security strategy will “explore and support balanced technical, operational and legal solutions, and promote an approach which both maintains the effectiveness of encryption in protecting privacy and security of communications, while providing an effective response to serious crime and terrorism”.

“I also hope that you will strengthen Europe’s support for end-to-end encryption. Apple strongly supported the European Parliament when it proposed a requirement that the ePrivacy Regulation support end-to-end encryption, and we will continue to do so,” Federighi added, conveying a clear message: ‘do not disappoint’.