Apple’s forthcoming iPhone operating system, iOS 14, will overhaul how apps and advertisers disclose their privacy practices to consumers. Critically, apps will soon need their users to provide opt-in consent to the sharing of advertising identifiers. These changes are not only significant due to the size of Apple’s user base, but also because Apple’s practices may well shape the development of privacy and app law across the country.
What Changes Should Advertisers Expect?
Increased Focus on Disclosure
Apple’s iOS 14 will go live later this year. Once a user’s iPhone is updated, the App Store will require developers to disclose information about their privacy practices prior to a user downloading that developer’s app. If the app uses any third-party code – such as advertising or analytics SDKs – the developer will also need to disclose what data such third-party collects, how the data is used, and whether that data is used to track users.
Navigating the New Apple App Law Requirements
Targeted ads are an essential part of many successful advertising campaigns. iOS 14 will significantly change what advertisers must do to target their ads. As part of the update, app developers must obtain users’ permission to track them or access their devices’ Identifier for Advertisers (“IDFA”). Currently, apps are permitted to access an iPhone’s IDFA unless the user expressly opts out.
Apple defines tracking as linking user or device data collected from an app with user or device data from other companies’ “apps, websites, or offline properties” for targeted advertising. According to Apple, examples of tracking can include:
- Displaying targeted advertisements in an app based on user data collected from other companies’ apps or websites;
- Sharing device location data or email lists with a data broker (unless the data broker uses the data solely for fraud detection or prevention); and
- Sharing email lists, advertising IDs, or other IDs with third-party advertising networks that use the information to retarget those users for other apps.
Apple clarified that the foregoing list is not exhaustive. As such, advertisers should be cautious when interpreting existing app law and determining whether their behavior constitutes tracking and thus requires extra user permissions. Importantly, developers are allowed to track users without permission when user or device data from an app is linked to third-party data only on the user’s device and is not sent off the device in a way that may identify the user or the device.
As readers know, developers that violate Apple’s app law run the risk of being banned from the App Store or even being sued by Apple. The new iOS 14 rules were clearly designed to increase transparency for users. In doing so, iOS’s new privacy framework inches closer toward important privacy and app laws that have been enacted around the world, particularly Europe’s General Data Protection Regulation (“GDPR”).
Please note that Apple’s new framework essentially requires what we have been recommending for years: always err on the side of disclosure. Of course, this is easier said than done. iOS 14’s requirements will complicate how advertisers balance business concerns with their user privacy obligations. As always, it is recommended that businesses and advertisers work with experienced counsel to develop any sort of targeted ad campaign. If you need assistance launching a compliant marketing campaign, please e-mail us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Photo by Rami Al-zayat on Unsplash
Similar Blog Posts:
Apple’s New App Data Collection Rules
FTC Sues Amazon for Alleged In-App Purchasing Scheme Targeting Children