The EU Has a Plan to Fix Internet Privacy: Be More Like Apple

Like millions of other internet users in Europe, when Alexandra Geese, a German member of the European Parliament (MEP), wants to read something on the internet, she first has to open and scroll through several options to refuse to share her data with third-party advertisers. Europe’s landmark privacy law, the General Data Protection Regulation (GDPR), means websites have to ask users for consent to be tracked online. But many companies make refusing consent much harder than granting it, meaning Geese’s search to opt out can take more time than she intended to spend on a website. “The problem with the current GDPR is that it’s not being enforced properly and therefore people don’t have a real choice,” she says.

Geese is among the European lawmakers currently drafting some of the world’s strictest rules against technology companies in an attempt to fix the opt-out function of the internet.

As MEPs pondered how to give that real choice to European internet users in January, an existing system developed by Apple was presented as a possible template for reshaping the internet. In 2021, the tech giant introduced a new privacy pop-up that it said would give users a real choice about whether they want to be tracked. The feature gives iPhone users two very simple options when they download new apps—“Ask App Not To Track” or “Allow.” Statistics that showed up to 98 percent of iPhone users took this opportunity to opt out were taken as evidence by some MEPs that people would choose to protect their privacy if they had the chance. “I really believe that privacy shouldn’t only be an option for people who can afford premium devices or premium Apple products,” says German MEP Tiemo Wölken, from the Progressive Alliance of Socialists and Democrats.

Photograph: Christoph Dernbach/Getty Images

Now European lawmakers want to apply Apple’s idea across all major online platforms—a definition that includes online marketplaces, app stores, and social media platforms—and force them to display simple options when people first visit a website. On January 20, a majority of MEPs voted in favor of an amendment to the Digital Services Act (DSA), which stated that refusing consent for ad tracking should be no more difficult or time-consuming than providing it. Another amendment proposes banning dark patterns—design choices that try to influence a user to consent to tracking. For proposals to make it into the final version of the DSA, they must be approved by the European Council, which represents heads of government in the 27 member states. If proposals survive these negotiations, they could become law as soon as the end of this year.

But recent revelations about Apple’s once-lauded system show it is not the clear-cut option EU lawmakers might have hoped for. It is vulnerable to workarounds, and the “do not track” option does not block all tracking from advertisers. Since the tracking changes rolled out in July, companies such as Snapchat parent Snap and Facebook have been sharing user signals from iPhones, as long as that data is anonymized and aggregated. Apple said developers are not allowed to use signals from the device to try to identify a user, but this has not stopped advertisers from gathering anonymous data to target users. An Apple spokesperson says these rules “apply equally to all developers.”

A Snap spokesperson said the company has designed privacy-protective solutions that measure “aggregate conversion data, without tying off-platform activities (like installing an app or visiting a website) back to specific Snapchatters.” Facebook declined to comment.

It’s unclear whether Apple has endorsed these techniques, but it means that if users are under the impression that Apple’s new rules mean all tracking has now stopped, they are wrong. Regulators have made note of that fact. In December 2021, Poland’s competition regulator addressed some misconceptions about Apple’s App Tracking Transparency feature. “This does not mean that users’ information is no longer being collected and that they do not receive personalized ads,” the regulator, known as UOKIK, said at the time. Apple also faced an in-depth probe in France to determine whether the privacy change will harm advertisers.

Leave a Reply

Your email address will not be published.