France fines Apple €150M for “excessive” pop-ups that let users reject tracking

(arstechnica.com)

249 points sebastian_z | 1 comments | 31 Mar 25 17:38 UTC | HN request time: 0.207s | source

Show context

nottorp ◴[31 Mar 25 17:45 UTC] No.43537683[source]▶

Actually Apple were fined because they don't apply the same standard to their own pop-ups that allow users to reject tracking. On Apple popups you seem to need one click, while on 3rd party popups you need to confirm twice.

So the fine seems to be for treating 3rd parties differently from their own stuff.

They could make their own popups require double confirmation instead...

replies(5): >>43537947 #>>43538151 #>>43538242 #>>43538615 #>>43538944 #

ezfe ◴[31 Mar 25 18:39 UTC] No.43538242[source]▶

>>43537683 #

Right, but that second click isn't coming from Apple and they can't control it. The article specifically says that many apps feel like they need additional consent which means they have to request it through two channels.

If Apple doesn't feel like they need additional consent and/or doesn't use ATT-blocked systems then they don't need that.

This is stupid.

replies(3): >>43538299 #>>43538330 #>>43540543 #

leereeves ◴[31 Mar 25 18:44 UTC] No.43538299[source]▶

>>43538242 #

> The article specifically says that many apps feel like they need additional consent

Are they right about that? Does Apple provide the app with confirmation that the user consented, and if they do, is it legal to rely on that confirmation?

replies(2): >>43538371 #>>43538849 #

gruez ◴[31 Mar 25 18:50 UTC] No.43538371[source]▶

>>43538299 #

You can definitely check on whether the user answered yes to the prompt, because if they declined you'll get a null (ie. all 0s) uuid. Whether app developers can rely on that as confirmation for tracking on their side is a purely legal question, and I wish the French government would try to resolve it on their side rather than going straight to fining Apple.

replies(1): >>43538455 #

Swenrekcah ◴[31 Mar 25 18:56 UTC] No.43538455[source]▶

>>43538371 #

As a European Apple user I welcome any and all fines that can be levied on Apple for their anticompetitive practices.

replies(4): >>43538681 #>>43539038 #>>43541806 #>>43544011 #

gruez ◴[31 Mar 25 19:17 UTC] No.43538681[source]▶

>>43538455 #

What's "anticompetitive" here? If the description provided in my previous comment is correct, it seems to be more of a failure on the part of the regulators than anything else.

The EU (through GDPR) also wants some sort of affirmative consent for tracking. That's fair, and results in one prompt. However, iOS obviously can't accept a "trust me bro" from the app itself that it's okay to enable cross-app tracking, so you need a second prompt. The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?

replies(1): >>43538729 #

refulgentis ◴[31 Mar 25 19:21 UTC] No.43538729[source]▶

>>43538681 #

"there is an "asymmetry" in which user consent for Apple's own data collection is obtained with a single pop-up, but other publishers are "required to obtain double consent from users for tracking on third-party sites and applications."

more @ https://news.ycombinator.com/item?id=24109695 (via https://www.forbes.com/sites/johnkoetsier/2020/08/07/apple-a...)

EDIT: Throttled, so reply can go here:

> My previous comment directly addresses the "asymmetry" aspect.

Apologies, you asked what the asymmetry was and I guess I'm still rather confused even after reviewing the thread. I think I've had too much caffeine...or not enough? :)

> The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?

I've been involved in regulatory stuff before and it's considered overreach, generally, when the government does UX design for you. Hopefully, that's a solution Apple can consider, it's a great idea on your end, excellent for users and competition.

replies(1): >>43538738 #

gruez ◴[31 Mar 25 19:22 UTC] No.43538738[source]▶

>>43538729 #

My previous comment directly addresses the "asymmetry" aspect.

>The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?

edit:

>Apologies, you asked what the asymmetry was and I guess I'm still rather confused even after reviewing the thread. I think I've had too much caffeine...or not enough? :)

The point is, I can see where the "asymmetry" is, but I don't understand why they went decided to fine Apple rather than do something on their side (ie. rework the idea of consent in GDPR to allow for reusing the ATT prompt) to fix the "asymmetry". I think most people would agree that the ATT prompt from iOS must stay, and it's better to address the "asymmetry" by making third party apps more streamlined, than by making iOS worse[1]. That would be entirely within the French regulators' remit.

[1] https://en.wikipedia.org/wiki/Harrison_Bergeron

replies(1): >>43540808 #

1. umbra07 ◴[31 Mar 25 22:48 UTC] No.43540808[source]▶

>>43538738 #

> but I don't understand why they went decided

You're assuming the regulators have no other motivations besides increasing consumer privacy?

↑