Apple takes aim at adtech hysteria over iOS app tracking change

Apple has used a speech to European lawmakers and privacy regulators today to come out jabbing at what SVP Craig Federighi described as dramatic, “outlandish” and “false” claims being made by the adtech industry over a forthcoming change to iOS that will give users the ability to decline app tracking. 

The iPhone maker had been due to introduce the major privacy enhancement to the App Store this fall but delayed until early 2021 after the plan drew fire from advertising giants.

Facebook, for example, warned the move could have a major impact on app makers which rely on its in-app advertising network to monetize on iOS, as well as some impact on its own bottom line.

Since then four online advertising lobby groups have filed an antitrust complaint against Apple in France — seeking to derail the privacy changes on competition grounds.

However Apple made it clear today that it’s not backing down.

Federighi described online tracking as privacy’s “biggest” challenge — saying its forthcoming App Tracking Transparency (ATT) feature represents “the front line of user privacy” as far as it’s concerned.

“Never before has the right to privacy — the right to keep personal data under your own control — been under assault like it is today. As external threats to privacy continue to evolve, our work to counter them must, too,” he said in the speech to the European Data Protection & Privacy Conference.

The aim of ATT is “to empower our users to decide when or if they want to allow an app to track them in a way that could be shared across other companies’ apps or websites”, according to Federighi.

Civic society’s objection to the adtech industry’s tracking ‘dark art’ is that it sums to hellishly opaque mass surveillance of the mainstream Internet.

While harms attached to the practice include the risk of discrimination; manipulation of vulnerable groups; and election interference, to name a few.

Federighi took clear aim in his own attack — returning to a descriptor that Apple’s CEO Tim Cook used in a speech to an earlier European privacy conference back in 2018.

“The mass centralization of data puts privacy at risk — no matter who’s collecting it and what their intentions might be,” he warned. “So we believe Apple should have as little data about our customers as possible. Now, others take the opposite approach.

“They gather, sell, and hoard as much of your personal information as they can. The result is a data-industrial complex, where shadowy actors work to infiltrate the most intimate parts of your life and exploit whatever they can find — whether to sell you something, to radicalize your views, or worse.”

Since Cook wooed EU lawmakers by denouncing the “data-industrial complex” — and simultaneously lauding Europe’s pro-privacy approach to digital regulation — scores of individual and collective complaints have been lodged against the adtech infrastructure that underpins behavioral advertising under the EU’s General Data Protection Regulation (GDPR).

Yet regional regulators still haven’t taken any enforcement action over these adtech complaints. Turning the cookie-tracking tanker clearly isn’t a cake walk.

And while the adtech lobby may have been heartened by remarks made yesterday by Commission EVP and competition chief, Margrethe Vestager — who told the OECD Global Competition Forum that antitrust enforcers should be “vigilant so that privacy is not used as a shield against competition” — there was a sting in the tail as she expressed support for a ‘superprofiling’ case against Facebook in Germany, which combines the streams of privacy and competition in new and interesting ways, with Vestager dubbing the piece of regulatory innovation “inspiring and interesting”.

Federighi urged Europe’s lawmakers to screw their courage to the sticking place where privacy is concerned.

“Through GDPR and other policies — many of which have been implemented by Commissioner Jourová, Commissioner Reynders, and others here with us today — Europe has shown the world what a privacy-friendly future could look like,” he said, lathering on the kind of ‘geopolitical influencer’ praise that’s particularly cherished in Brussels.

He also reiterated Apple’s support for a GDPR-style “omnibus privacy law in the U.S.” — something Cook called for two years ago — aka: a law that “empowers consumers to minimize collection of their data; to know when and why it is being collected; to access, correct, or delete that data; and to know that it is truly secure”.

“It’s already clear that some companies are going to do everything they can to stop [ATT] — or any innovation like it — and to maintain their unfettered access to people’s data. Some have already begun to make outlandish claims, like saying that ATT — which helps users control when they’re tracked — will somehow lead to greater privacy invasions,” he went on, taking further sideswipes at Apple’s adtech detractors.

“To say that we’re skeptical of those claims would be an understatement. But that won’t stop these companies from making false arguments to get what they want. We need the world to see those arguments for what they are: a brazen attempt to maintain the privacy-invasive status quo.”

In another direct appeal to EU lawmakers, Federighi suggested ATT “reflects both the spirit and the requirements of both the ePrivacy Directive, and the planned updates in the draft ePrivacy Regulation” — displaying a keen insight into the (oftentimes fraught) process of EU policymaking. (The ePrivacy update has in fact been stalled for years — so the subtle suggestion in Apple’s appeal is its technology levers being flipped to enable greater user privacy could help unblock the EU’s bunged up policy levers.)

“ATT, like ePrivacy, is about giving people the power to make informed choices about what happens to their data. I hope that the lawmakers, regulators, and privacy advocates here today will continue to stand up for strong privacy protections like these,” he added.

Earlier in the speech Federighi also made some plainer points: Likening ATT to the Intelligent Tracking Prevention (ITP) feature Apple added to its Safari browser back in 2017 — pointing out that despite similar objections from adtech then the industry as a whole has posted revenue increases every year since.

“Just as with ITP, some in the ad industry are lobbying against these efforts — claiming that ATT will dramatically hurt ad-supported businesses. But we expect that the industry will adapt as it did before — providing effective advertising, but this time without invasive tracking,” he said.

“Of course, some advertisers and tech companies would prefer that ATT is never implemented at all. When invasive tracking is your business model, you tend not to welcome transparency and customer choice,” he added, taking another swipe at the industry’s motives for objecting to more choice and privacy for iOS users.

At the same time Federighi did acknowledge that the iOS switch to requiring user permission for app tracking “is a big change from the world we live in now”.

Of course it’s one that will likely bring transitionary pain to iOS developers, too.

But on this his messaging stood firm: He made it clear Apple may wield the stick at developers who don’t get with its user privacy upgrade program, warning: “Early next year, we’ll begin requiring all apps that want to do that to obtain their users’ explicit permission, and developers who fail to meet that standard can have their apps taken down from the App Store.”

It was interesting to note that the speech contained both specific appeals to regional lawmakers to stay the course in regulating to protect data and privacy; and more amorphous appeals to (unnamed) competitors — to follow Apple’s lead and innovate around privacy.

But if you’re a tech giant being accused of anti-competitive behaviour by a self-interested adtech clique, framing your desire for increased competition in the (lucrative) business of enhancing user privacy is a nice rebuttal.

“We don’t define success as standing alone. When it comes to privacy protections, we’re very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from,” said Federighi.

“At Apple, we are passionate advocates for privacy protections for all users. We love to see people buy our products. But we would also love to see robust competition among companies for the best, the strongest, and the most empowering privacy features.”

Of course if more iOS developers have to rely on in-app subscriptions to monetize their wares, because users refuse app tracking, it’ll mean more money passing through the pearly App Store gates and straight into Apple’s coffers. But that’s another story.

The Apple SVP also took gentle aim at any EU policymakers who may be imagining it’s a clever idea to crack open the pandora’s box of end-to-end encryption — urging them to strengthen the bloc’s commitment to robust security. Duh.

The backstory here is there’s been some recent chatter around the topic. Last monthdraft resolution made by the Council of the European Union triggered press coverage that suggested EU legislators are on the cusp of banning e2e encryption.

Although, to be fair, the only ‘b’ word the Commission has used so far is ‘balanced’ — when it said its new EU security strategy will “explore and support balanced technical, operational and legal solutions, and promote an approach which both maintains the effectiveness of encryption in protecting privacy and security of communications, while providing an effective response to serious crime and terrorism”.

“I also hope that you will strengthen Europe’s support for end-to-end encryption. Apple strongly supported the European Parliament when it EU parliament proposed a requirement that the ePrivacy Regulation support end-to-end encryption, and we will continue to do so,” Federighi added, tone set to ‘don’t disappoint’.