←back to thread

France fines Apple €150M for “excessive” pop-ups that let users reject tracking

(arstechnica.com)
249 points sebastian_z | 1 comments | 31 Mar 25 17:38 UTC | HN request time: 0.221s | source
Show context
nottorp ◴[31 Mar 25 17:45 UTC] No.43537683[source]
Actually Apple were fined because they don't apply the same standard to their own pop-ups that allow users to reject tracking. On Apple popups you seem to need one click, while on 3rd party popups you need to confirm twice.

So the fine seems to be for treating 3rd parties differently from their own stuff.

They could make their own popups require double confirmation instead...

replies(5): >>43537947 #>>43538151 #>>43538242 #>>43538615 #>>43538944 #
ezfe ◴[31 Mar 25 18:39 UTC] No.43538242[source]
Right, but that second click isn't coming from Apple and they can't control it. The article specifically says that many apps feel like they need additional consent which means they have to request it through two channels.

If Apple doesn't feel like they need additional consent and/or doesn't use ATT-blocked systems then they don't need that.

This is stupid.

replies(3): >>43538299 #>>43538330 #>>43540543 #
leereeves ◴[31 Mar 25 18:44 UTC] No.43538299[source]
> The article specifically says that many apps feel like they need additional consent

Are they right about that? Does Apple provide the app with confirmation that the user consented, and if they do, is it legal to rely on that confirmation?

replies(2): >>43538371 #>>43538849 #
1. stagalooo ◴[31 Mar 25 19:30 UTC] No.43538849[source]
> Third-party publishers "cannot rely on the ATT framework to comply with their legal obligations," so they "must continue to use their own consent collection solution," the French agency said.

This absolutely sounds like a problem caused by the law and not apple. Apps can’t rely on the prompt for legal authorization (presumably because it is filtered through apples apis?) and must therefore ask themselves.

The only two solutions I see to this is either Apple can’t prompt which means they can’t protect the user or the law can change to accept the prompt as authorization to track.