13 January 2021
As we explain in this article, the “App Tracking Transparency (ATT)” allows Apple to track an iPhone user as he navigates between the different applications he has downloaded, for tracking and targeting purposes.
This is made possible via the iOS 14.5 update that offers this new feature. It can be authorized or refused by the user.
Asking the user for consent when opening an application is a step towards personal data protection but still quite insufficient.
In case the user is located within the European Union, due to the territorial scope (Article 3), the General Data Protection Regulation (GDPR) applies, as Apple, which is based in Cupertino, California, will be processing data from users residing in the EU.
The choice displayed on the user’s screen when updating rather “clear, with simple terms“, is not enlightened. If the user who is in the EU agrees to be tracked, there is no mention on the choice window of the elements required by the GDPR in Articles 12, 13, and 14 (information of persons).
Once the user accepts the tracking – depending on the accesses requested by the application to the iPhone – the following set of data can be retrieved:
Below is an analysis of the adequacy of Apple’s App Tracking Transparency with the principles imposed by the GDPR when processing personal data:
Source: Orange Cyberdefense
Apple’s App Tracking Transparency is the first step towards compliance with the GDPR. However, as the chart above shows, there is still work to be done to be fully compliant with European data protection laws.