Actually Apple were fined because they don't apply the same standard to their own pop-ups that allow users to reject tracking. On Apple popups you seem to need one click, while on 3rd party popups you need to confirm twice.
So the fine seems to be for treating 3rd parties differently from their own stuff.
They could make their own popups require double confirmation instead...
It's anti-competitive. Apple owns the platform and is giving preference to it's own apps on that platform. Every non-Apple app that competes with an Apple app is harmed.
So the solution is Apple will be forced to trust that apps asked properly, and grant whatever permissions the app claims I agreed to? And that's going to encourage me to use more third party apps?
If they want to own the platform and compete on it simultaneously, they need to abide by the same common carrier rules they impose on everyone else. They could easily achieve this by enforcing the same level of security on their own apps.
Seems like it’s roughly what it is about. Apple has a mandatory consent, but won’t adapt it so that third party apps can integrate their own tracking consent into it. As a result third party apps are treated differently than first party because they have one fewer consent screen. That advantages entrenched incumbents with big, locked-in user bases and disadvantages new entrants. Since Apple owns the platform, it’s anticompetitive to pass regulations (which is what Apple is doing here) that discriminate against other participants in a way that acts as a competitive advantage.
Consumers are only part of the competition equation. I bet consumers also love the initial phases of dumping, but regulators have to look beyond short-term consumer preferences.
Regulators don’t have to look beyond short term consumer preference (or rather, consumer benefit) with respect to dumping actually, because only the long term aspect of dumping (when prices are raised on consumers after driving competitors out of the market) is illegal. A company is free to burn as much capital as it wants while it is trying to enter and take over a market.
What mechanism can the regulators use to prevent competition going out of business while maintaining the artificially low prices? Ban price hikes after the competition is dead? What if the dumper decides to leave the market entirely after destroying the competition? [see Walmart leaving small towns, and the resulting food deserts].
The more proactive approach is tractable since it preserves competition (easy) instead of low prices (hard, on shakier legal footing)
What mechanism can the regulators use to prevent potential dumpers from entering a market? Setting price controls on the entire economy? What if the market is currently beholden to a decentralized monopoly with artificially high prices? [see taxis and the arguments people made for Uber’s existence despite it being an obvious dumping operation]
The more proactive approach requires an omniscient regulator that you hope preserves competition but really can only guarantee current prices and incumbent profits.
> The legal system, including the discovery process, and basic accounting to calculate when the selling price is lower than BoM cost.
So price controls is your answer? The Costco rotisserie chicken is illegal monopolization in your world.
> What mechanism can the regulators use to prevent competition going out of business while maintaining the artificially low prices?
The legal system, including the equitable power to split up companies under antitrust law.
There is a reason that the proactive approach has been roundly rejected by courts in the modern day, despite Lina Khan’s best efforts to push it. Despite your comment earlier about preserving competition being “easy” (preserving competition via regulation is never easy) and preserving low costs being “hard” and on “shakier legal footing,” the test for antitrust remains consumer harm, not competition.
> The legal system, including the equitable power to split up companies under antitrust law.
And how well has this been working out? There hasn't been a real threat of forced divesture since Microsoft's anti-trust case back in the 1990s, and large companies are willing to pay fines that are dwarfed by the profits earned from destroyed competition. How does paying a fine undo consumer harm?
> Yes, but are consumers that knowingly bought into the Apple ecosystem harmed?
It seems that this logic would prevent any regulation of what happens on macOS or iOS, since anyone who is using either has knowingly bought into the Apple ecosystem. (And analogously for Windows, since anyone who is using it has knowingly bought into the Microsoft ecosystem.)
Were Windows 98 users "harmed" because IE5 was bundled with the OS? They "knowingly bought into the Microsoft ecosystem", after all.
Clearly the consensus is that YES, they were harmed, and the proof is the Web 2.0 revolution driven by the eventually broken browser monopoly by Firefox and Chrome. But at the time the tech industry trenches were filled with platform fans cheering Gates et. al. and claiming sincerely to want the benefits of the unified Microsoft Experience.
Every time you take an Uber or reserve an AirBnB you're demonstrating the fallacy of that kind of thinking.
Basically: yes, competition is good always, no matter how tempted you are to believe the opposite.
FWIW, that's just saying that government antitrust action didn't break the monopoly in question, not that it wasn't harmful. Clearly it was harmful. And Apple's is too.
And yet and still without government intervention, Chrome now dominates to the point where Microsoft gave up and now uses the Chromium engine.
Just maybe if the EU spent more time encouraging innovation instead of passing laws, they would have a real tech industry.
Every Mac and Windows user who uses Chrome made an affirmative choice to download Chrome and didn’t need the government to help them make a decision.
Today in the US, even though the average selling price of an iPhone is twice that of an Android where there are dozens of choices and Android is backed by a trillion dollar company, 70% of users in the US choose iPhones.
In every single country, people with more money choose Apple devices using their own free will even though there are dozens of cheaper Android devices to choose from.
Just like people said “no” to ad tracking when given a choice and now the ad tech industry isn’t happy with that choice.
Microsoft basically invented AJAX and spurred the entire web 2.0 revolution. Other browsers weren't prevented from being installed.
Compare what Apple does on iDevices. Safari comes pre-installed, and every competing browser can only skin the OS engine; competing browsers can't actually port their own offerings. On top of that, if you actually want to sell a browser, Apple will get a cut of your sales.
And yet, Apple's app store and ecosystem doesn't seem to be treated as a monopoly in this regard. If not here, why wouldn't they also get away with all of their other anti-competitive practices?
FWIW, I think they should be treated consistently as a monopoly. As a backup option, I'll settle for consistently treated as not-a-monopoly.
Mixing and matching rulings will only serve to hurt in the long run.
Does Apple list all the advantages they give themselves over the competition on the iPhone boxes in stores & on their websites? Otherwise the customer can't "knowingly" buy into the ecosystem, they only discover the extent of this once they've bought the device.
You might be ok with it, but the regulators want Apple to treat third parties the same way they treat their own apps, and that's a good thing. Either everyone would generate two prompts, or no one, but excluding yourself is just favoritism.
Yup, it's much, much better for the rules to be exactly the same than any debate about how much difference is permitted. No difference unless you can demonstrate a compelling reason for it.
Apple doesn’t have a track record of abusing user privacy, unlike the plethora of third party apps that want to aggressively track you and sell that data.
Tracking is just targeting integrated over time. If you can be targeted a number of times, and somebody can connect those data points, that's tracking!
So I guess the question hinges on if the data Apple shares with their partners can be fingerprinted or not.
Apple does not share identifiable personal data with partners for the purpose of advertising, which is why its apps don’t ask for permission to track. Almost everyone arguing against Apple in these comments seems to misunderstand this, likely because of motivated reasoning.
As as I understand, declining to use the ATT framework just means they don't share the system advertising identifier (IDFA). That does not mean the information they do share cannot be fingerprinted.
Losing access to IDFA is the technical mitigation, but the ATT prompt also places policy obligations on developers. Preventing tracking technically entirely is a technical dead end. There are too many sources of entropy. ATT primarily operates at a policy level.
I don't care. We don't have to wait for Apple to show they're untrustworthy before we hold them at arm's length like we hold any other app developer or advertiser.
Apple has convinced a lot of people through sheer PR force that they are 100% trustworthy and therefore all of their restrictions and self-bypasses of those restrictions are warranted. Either all of it is OK, or none of it is, unless Apple enjoys getting it wrong and getting fined.
So let me tell you, there was a tribe in a village and they had many rules,
some young boys hated the rules so they left and made their own village with no rules. One day one of them made a fire and let it unsupervised and many of their shacks burned so the boys decided that there should be one rule about not letting fires unsupervised.... the story continues with similar issues happening and they reluctantly adding one more tule, then one more rule until they get tot he same original rules from the original village.
Imagine if people from the old village came to the new village and said that they wanted to set up the rules they had in the old village but they want to live in the new village. Some people are perfectly happy in the new village, but the people who came from the old village say that the rules are unfair.
As someone who actively wants Apple provide a tighter experience, this is how I feel. I have a nice garden that I'm playing in, and others have a sandbox. They like my garden because it's sunny, but they want the rules of their sandbox to apply to my garden. The grown ups let them in, and now there's nowhere to play that doesn't have sand anymore.
>As someone who actively wants Apple provide a tighter experience, this is how I feel. I have a nice garden that I'm playing in, and others have a sandbox. They like my garden because it's sunny, but they want the rules of their sandbox to apply to my garden. The grown ups let them in, and now there's nowhere to play that doesn't have sand anymore.
The laws are created for all, all people, all companies. We do not give Apple exceptions because reasons like this guy likes it as it is. When Apple decides to do business in a country it accepts the laws there, if they do not like the laws then they can just refuse to do business there.
My response is on topic for the comment it responds.
But in case someone else fails to understand the message,
the rules are added because someone made something bad intentionally or now,
so can you guess why the companies were forced to add "Unsubscribe" in their emails? do you think someone imagined this rule for no reason ?
A good faith interpretation of the parent's comment might assume the tribe's leaders started making arbitrary rules about fires which were of questionable benefit to the tribe and when the tribe did things there own way the leaders took bananas from them as a punishment.
If the rules being made are not of clear benefit to the tribe then surely it is right to question them? Your point that rules can be good should be self-evident, as is the inverse - that rules can be bad. What's important here who is the beneficiary of those rules.
That is borderline tautological. Apple should comply with the regulations, because they are the regulations. The regulations are there to protect users, a 3rd party application is more likely to harm the user, so less trust is warranted.
And if it weren't a dominos app, but an otherwise identical or better third party app? Which through this now has a disadvantage compared to Apples app. Making it worse (regardless of how small or large that downside is) compared to whatever Apple offers, not because of having the worse product in the category, but because Apple also happens to own the otherwise unrelated operating system.
> Domino's doesn't have to ask twice. They're choosing to.
According to the article, the French agency believes they would have to ask twice:
> Third-party publishers "cannot rely on the ATT framework to comply with their legal obligations," so they "must continue to use their own consent collection solution," the French agency said.
I always thought it was because where you to deny in the Apple popup, that decision is “final”, whereas if they can gauge your mood before that, they can keep pestering you about it in the future.
I’ve seen confirm (app) -> confirm (Apple), but never deny (app) -> deny (Apple).
I don't think the Camera app asks for permission to use the Camera.
You could argue that choice is questionable because Apple needs to follow its own rules, but also .. it is the Camera app. I think if you don't want the Camera app to use the Camera you probably should not have opened the app at all.
ATT (App Tracking Transparency) is the dialog that says something like "Facebook would like permission to track you across apps and websites owned by other companies. Your data will be used to ... $AppProvidedExcuseHere." with "Allow Tracking" and "Ask App Not To Track" buttons.
ATT is the First consent.
The SECOND consent this case is about is the in-app consent that needs to happen according to French law. I can't give an example of that because I do not live in France but I assume this is probably some horribly designed page inside a French app that asks you to share your data with the ad surveilance industry.
> The SECOND consent this case is about is the in-app consent that needs to happen according to French law. I can't give an example of that because I do not live in France but I assume this is probably some horribly designed page inside a French app that asks you to share your data with the ad surveilance industry.
I don't live in france but I'm familiar with the popups. many apps on first install will give you an in-app prompt asking if they can send you push notifications. If you accept, you get the system prompt. if you decline, you don't. I'm not a regulator, but it seems they've misread this one IMO - they only need to provide the conseent at the platform level and can opt out at the platform level if they so wish.
Apple has its own trackers and ad services. But it treats itself specially. While other apps need to ask. Maybe I don't want some apps from apple to have the same permissions, as other apps from apple. It is basically bundling. I agreed for one app from apple to share data, not for all apps from apple. Oh, and don't let me start about wording they use on these pop-ups... Like when I download some app from the internet, which is signed, notarized and so on, it still asks: oh, you downloaded this app from the internet (surprise!)... Instead of: "ok, you downloaded from internet, it has sign, notarification, developer is already delivering software for 10 years and have 20 million users, so looks safe to run...". Basically, fear inducing messages instead of actually useful from security sense.
Are you also okay with Apple only asking once for Apple Advertising and making other advertising ask twice?
I don't mean ads for Apple products. I mean the ads that Apple sells in News, the App Store, where they track your behavior to personalize the ads you see and to see if you ever buy what the ad is selling.
it's not the consumers, it's the competitors. Instead of comparing apples to pizas, compare something like the Notes app compared to a 3rd party notes app. Any web/app dev knows each extra click adds friction and reduces retention, so that extra pop up can be a subtle advantadge to the one who manages the platform.
The Camera app wouldn't need an ATT confirmation, of course. Apple has some other products which do feature targeted advertisements, including News and even the App Store itself.
Apple created this problem for itself when they decided that they wanted to double dip and become advertisers (while conveniently making advertisement less effective for everyone else). The amount they net from it surely can't be worth the trouble is causes. It's also simply scummy and always puts conflicting interests at play.
Still don't understand the two versus one confirmation thing. I have tracking entirely disabled so apps can't even request it, but it'd be nice to see some workflow of how Apple's tracking works versus everyone else. The complaint almost seems that Apple apps simply do track your details and use them for targeting, without any confirmation (which Apple argues is okay because there is no third party getting the deets), where others have to do the confirmation.
The pen pushers in France. As a consumer your choice does not matter much as much as the government servants who have decided that they know what is good for you.
>The agency said there is an "asymmetry" in which user consent for Apple's own data collection is obtained with a single pop-up, but other publishers are "required to obtain double consent from users for tracking on third-party sites and applications."
Right, but that second click isn't coming from Apple and they can't control it. The article specifically says that many apps feel like they need additional consent which means they have to request it through two channels.
If Apple doesn't feel like they need additional consent and/or doesn't use ATT-blocked systems then they don't need that.
Or maybe there is widespread misunderstanding of the requirements in this scenario? But I also thought the rule was tough enough to require verifying that extra consent? Maybe it's not?
Apple mandates that all requests for permissions go through a single, OS-provided dialog. If a user accepts, the permission is granted; if the user rejects, the permission is not granted, and the app can't ask again. Simple enough.
App developers try to maximize their chances of getting that permission granted by adding another warm-up dialog before actually doing the official permissions request. Since those other dialogs aren't part of Apple's permissions request chain, they can be rejected by the user without consequence, and the app can present them as often as it wants.
There is nothing which requires third-party developers to use these additional dialogs. It's a design pattern (and an annoying one at that) which many developers have gravitated towards. Not all developers use it; in particular, Apple doesn't use it for their first-party apps. And apparently FCA is faulting Apple for not following that pattern themselves.
The link you posted is about not giving the user a choice. It's an optional pre alert screen that only leads to the system request. Apps are choosing to allow users to say no/cancel on that screen that then lets them ask again and again without wasting their one chance with the system prompt pop up.
That, “we need to maintain the ability to pester the user again” pattern is really annoying. Apple should add a screen at initial setup that allows the user to default every permission that it’s possible to use that pattern with to “no” and skip the one time dialog just to screw with apps that do it.
> There is nothing which requires third-party developers to use these additional dialogs.
Well, yes there is: I don't have carte blanche to do whatever I want with your data because you tapped an Apple dialog: I have to obtain your consent first.
I don't see why that matters? Your app triggered the Apple dialog to be shown, asking a question about what your app is allowed to do, and you can see what the answer the user gave is. Why wouldn't that be enough?
This is interesting to me—are you an app developer that does this pattern for that reason? I definitely figured it was exclusively because they can request repeatedly for the fake prompt, and only “use” their prompt when the user is inclined to accept. There are times where I’ll accept the first prompt and reject the second prompt when apps are spammy about it.
> The article specifically says that many apps feel like they need additional consent
Are they right about that? Does Apple provide the app with confirmation that the user consented, and if they do, is it legal to rely on that confirmation?
You can definitely check on whether the user answered yes to the prompt, because if they declined you'll get a null (ie. all 0s) uuid. Whether app developers can rely on that as confirmation for tracking on their side is a purely legal question, and I wish the French government would try to resolve it on their side rather than going straight to fining Apple.
> The bureaucratic hurdles they impose are to the benefit, not detriment, of the surveillance ad industry. That’s now proven out by industry groups — the ones ATT successfully tempered — successfully getting France’s regulators to penalize Apple. Users don’t know how to lobby government bureaucracies. What the Autorité de la Concurrence is saying, in so many words, is that two layers of consent is too much, and the only one that’s necessary is the one that advertising lobbying groups don’t object to, not the one they do (but which users understand and like).
What's "anticompetitive" here? If the description provided in my previous comment is correct, it seems to be more of a failure on the part of the regulators than anything else.
The EU (through GDPR) also wants some sort of affirmative consent for tracking. That's fair, and results in one prompt. However, iOS obviously can't accept a "trust me bro" from the app itself that it's okay to enable cross-app tracking, so you need a second prompt. The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?
"there is an "asymmetry" in which user consent for Apple's own data collection is obtained with a single pop-up, but other publishers are "required to obtain double consent from users for tracking on third-party sites and applications."
> My previous comment directly addresses the "asymmetry" aspect.
Apologies, you asked what the asymmetry was and I guess I'm still rather confused even after reviewing the thread. I think I've had too much caffeine...or not enough? :)
> The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?
I've been involved in regulatory stuff before and it's considered overreach, generally, when the government does UX design for you. Hopefully, that's a solution Apple can consider, it's a great idea on your end, excellent for users and competition.
My previous comment directly addresses the "asymmetry" aspect.
>The obvious solution would be to combine the two, by allowing the ATT prompt to be used as consent for the purposes of GDPR. Why didn't French regulators go with this solution and decide to fine Apple instead?
edit:
>Apologies, you asked what the asymmetry was and I guess I'm still rather confused even after reviewing the thread. I think I've had too much caffeine...or not enough? :)
The point is, I can see where the "asymmetry" is, but I don't understand why they went decided to fine Apple rather than do something on their side (ie. rework the idea of consent in GDPR to allow for reusing the ATT prompt) to fix the "asymmetry". I think most people would agree that the ATT prompt from iOS must stay, and it's better to address the "asymmetry" by making third party apps more streamlined, than by making iOS worse[1]. That would be entirely within the French regulators' remit.
> Third-party publishers "cannot rely on the ATT framework to comply with their legal obligations," so they "must continue to use their own consent collection solution," the French agency said.
This absolutely sounds like a problem caused by the law and not apple. Apps can’t rely on the prompt for legal authorization (presumably because it is filtered through apples apis?) and must therefore ask themselves.
The only two solutions I see to this is either Apple can’t prompt which means they can’t protect the user or the law can change to accept the prompt as authorization to track.
> The article specifically says that many apps feel like they need additional consent which means they have to request it through two channels.
Surely the same argument can be applied to the cookie law - many sites feel like they need consent therefore it's unfair over people who think they only need one prompt.
This is for system-level permissions. In third-party apps, the app asks whether you want to enable X permission and then you get an OS-level confirmation request. It's not just in Europe.
Likely they'll fall back in Europe to double-prompting as well in system apps.
Afaik the apps don't have to ask you, they could just request the OS-level permissions. They don't do that because if you reject the request at the OS level, they can't request it again, you have to go to the Settings app to enable it and it's harder to do. So apps prefer to just nag you again and again until you say you're ready.
I've never gotten that, I don't think? I only get the OS-level request. For ad tracking we're talking about? But even for stuff like Bluetooth or location.
I mean, I've had apps show a popup beforehand explaining what they want me to answer. But that's not required, nor does it seem common.
I'm assuming there are additional GDPR compliance asks in Europe when using apps. If that's the case I don't see how that is Apple's fault. I wish this article was a bit better but after reading a few of them I still don't get what the actual complaint is.
So the fine seems to be for treating 3rd parties differently from their own stuff.
They could make their own popups require double confirmation instead...