France fines Apple €150M for “excessive” pop-ups that let users reject tracking

Right, but that second click isn't coming from Apple and they can't control it. The article specifically says that many apps feel like they need additional consent which means they have to request it through two channels.

If Apple doesn't feel like they need additional consent and/or doesn't use ATT-blocked systems then they don't need that.

This is stupid.

> The article specifically says that many apps feel like they need additional consent

Are they right about that? Does Apple provide the app with confirmation that the user consented, and if they do, is it legal to rely on that confirmation?

Right.

I'm not sure this is fixable?

Or maybe there is widespread misunderstanding of the requirements in this scenario? But I also thought the rule was tough enough to require verifying that extra consent? Maybe it's not?

Truly confused here.

You can definitely check on whether the user answered yes to the prompt, because if they declined you'll get a null (ie. all 0s) uuid. Whether app developers can rely on that as confirmation for tracking on their side is a purely legal question, and I wish the French government would try to resolve it on their side rather than going straight to fining Apple.

As a European Apple user I welcome any and all fines that can be levied on Apple for their anticompetitive practices.

> I'm not sure this is fixable?

Not from Apple's end.

Apple mandates that all requests for permissions go through a single, OS-provided dialog. If a user accepts, the permission is granted; if the user rejects, the permission is not granted, and the app can't ask again. Simple enough.

App developers try to maximize their chances of getting that permission granted by adding another warm-up dialog before actually doing the official permissions request. Since those other dialogs aren't part of Apple's permissions request chain, they can be rejected by the user without consequence, and the app can present them as often as it wants.

There is nothing which requires third-party developers to use these additional dialogs. It's a design pattern (and an annoying one at that) which many developers have gravitated towards. Not all developers use it; in particular, Apple doesn't use it for their first-party apps. And apparently FCA is faulting Apple for not following that pattern themselves.

What's "anticompetitive" here? If the description provided in my previous comment is correct, it seems to be more of a failure on the part of the regulators than anything else.

The EU (through GDPR) also wants some sort of affirmative consent for tracking. That's fair, and results in one prompt. However, iOS obviously can't accept a "trust me bro" from the app itself that it's okay to enable cross-app tracking, so you need a second prompt. The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?

> There is nothing which requires third-party developers to use these additional dialogs.

Well, yes there is: I don't have carte blanche to do whatever I want with your data because you tapped an Apple dialog: I have to obtain your consent first.

"there is an "asymmetry" in which user consent for Apple's own data collection is obtained with a single pop-up, but other publishers are "required to obtain double consent from users for tracking on third-party sites and applications."

more @ https://news.ycombinator.com/item?id=24109695 (via https://www.forbes.com/sites/johnkoetsier/2020/08/07/apple-a...)

EDIT: Throttled, so reply can go here:

> My previous comment directly addresses the "asymmetry" aspect.

Apologies, you asked what the asymmetry was and I guess I'm still rather confused even after reviewing the thread. I think I've had too much caffeine...or not enough? :)

> The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?

I've been involved in regulatory stuff before and it's considered overreach, generally, when the government does UX design for you. Hopefully, that's a solution Apple can consider, it's a great idea on your end, excellent for users and competition.

My previous comment directly addresses the "asymmetry" aspect.

>The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?

edit:

>Apologies, you asked what the asymmetry was and I guess I'm still rather confused even after reviewing the thread. I think I've had too much caffeine...or not enough? :)

The point is, I can see where the "asymmetry" is, but I don't understand why they went decided to fine Apple rather than do something on their side (ie. rework the idea of consent in GDPR to allow for reusing the ATT prompt) to fix the "asymmetry". I think most people would agree that the ATT prompt from iOS must stay, and it's better to address the "asymmetry" by making third party apps more streamlined, than by making iOS worse[1]. That would be entirely within the French regulators' remit.

[1] https://en.wikipedia.org/wiki/Harrison_Bergeron

That, “we need to maintain the ability to pester the user again” pattern is really annoying. Apple should add a screen at initial setup that allows the user to default every permission that it’s possible to use that pattern with to “no” and skip the one time dialog just to screw with apps that do it.

This is interesting to me—are you an app developer that does this pattern for that reason? I definitely figured it was exclusively because they can request repeatedly for the fake prompt, and only “use” their prompt when the user is inclined to accept. There are times where I’ll accept the first prompt and reject the second prompt when apps are spammy about it.

It's part of acceptable use by Apple [1], with guidelines how to show the first popup.

[1] https://developer.apple.com/design/human-interface-guideline...

> Third-party publishers "cannot rely on the ATT framework to comply with their legal obligations," so they "must continue to use their own consent collection solution," the French agency said.

This absolutely sounds like a problem caused by the law and not apple. Apps can’t rely on the prompt for legal authorization (presumably because it is filtered through apples apis?) and must therefore ask themselves.

The only two solutions I see to this is either Apple can’t prompt which means they can’t protect the user or the law can change to accept the prompt as authorization to track.

As a European Apple user, I don’t. I specifically WANT the walled garden. It’s one of the reasons why I buy Apple.

I don't see why that matters? Your app triggered the Apple dialog to be shown, asking a question about what your app is allowed to do, and you can see what the answer the user gave is. Why wouldn't that be enough?

It's considered acceptable within bounds (i.e. no tricking the user into tapping "accept"), but not required. At least, not by Apple.

The link you posted is about not giving the user a choice. It's an optional pre alert screen that only leads to the system request. Apps are choosing to allow users to say no/cancel on that screen that then lets them ask again and again without wasting their one chance with the system prompt pop up.

> The article specifically says that many apps feel like they need additional consent which means they have to request it through two channels.

Surely the same argument can be applied to the cookie law - many sites feel like they need consent therefore it's unfair over people who think they only need one prompt.

> but I don't understand why they went decided

You're assuming the regulators have no other motivations besides increasing consumer privacy?

It's not as if this will remove that. The same with the sideloading. Nobody's forcing you to use it.

I agree, Apple is enshittifying itself at the speed of light. They are were the least worst, but with a competitor like Android ...

All I want is a decent map and signal and sometimes a browser.

And again, this argument is invalid.

As a European Apple user I want politicians and bureaucrats leave the company alone!

They are not a monopoly, they never will be and won't have Microsofts 90% desktop market share, so let the damn market sort it out.

The market does not work unless the rules of fair play are enforced, just like any other endeavour of humanity from sports to politics.

The rules France applies here are not fair and user friendly though:

https://daringfireball.net/2025/03/france_merde_decision_app...

> The bureaucratic hurdles they impose are to the benefit, not detriment, of the surveillance ad industry. That’s now proven out by industry groups — the ones ATT successfully tempered — successfully getting France’s regulators to penalize Apple. Users don’t know how to lobby government bureaucracies. What the Autorité de la Concurrence is saying, in so many words, is that two layers of consent is too much, and the only one that’s necessary is the one that advertising lobbying groups don’t object to, not the one they do (but which users understand and like).