Apple Fined $8.5 Million After Breaching Data Protection Act - Here's How They Responded

Apple has long touted itself as the torchbearer of privacy, claiming to have taken concrete steps to protect the privacy of its users. The company has also introduced several measures aimed at safeguarding user data in the past. 

Among the earliest examples of this include a 2005 decision to block third-party cookies on its Safari web browser. In 2017, with iOS 11 and macOS High Sierra, the company enabled its Intelligent Tracking Prevention on Safari. This feature limited the ability of websites to track user behavior. In 2021, Apple was also involved in a public spat with Meta after introducing stringent privacy tracking on its App Store. In the end, Meta was left with no option but to agree to Apple's directives, or risk being booted out of the coveted iOS App Store used by millions of Apple users around the globe.

Apple's squeaky-clean image with privacy-related matters was dealt a severe blow recently after French privacy watchdog CNIL (National Commission for Computing and Liberties) imposed an $8.5 million sanction against the company for breaching French data protection laws. According to TechCrunch, the decision to penalize Apple for violating privacy laws was issued on December 29, 2022. However, it is only now that the decision has gone public. While the fine amount of $8.5 million will barely have any monetary impact on Apple's bottom line, this decision will undoubtedly create doubts among Apple users. In fact, questions are already being raised about the tall privacy-focused claims made by Apple in the recent past.

A press release by CNIL details the events that led to Apple being fined. In 2021, the organization received a complaint from an Apple user accusing the company of showing personalized ads on the App Store. These ads were served on an iOS device that ran an older version (iOS 14.6) of the company's smartphone operating system.

The CNIL acted on the complaint and launched an investigation, at the end of which they deduced that Apple did not obtain consent from users before it collected their data. Making things worse, the regulator also found that Apple used this data to serve targeted ads. The CNIL also alleges that Apple gathered data collection consent from users via a settings menu in which the option to grant them permission was already checked, resulting in the said $8.5 million fine.

While Apple is yet to issue an official statement in connection with this development on its website, an Apple spokesperson responded to questions from journalists Patrick McGhee. The company expressed its disappointment with CNIL's decision and confirmed that the company intends to appeal the decision. The company also reiterated its stance regarding privacy, and continues to maintain that they prioritize user privacy over everything else.

Interestingly, this is not the first time that Apple has had a legal showdown with French regulators and lawmakers. In December 2022, a French Court fined the company $1 million (via Reuters) for imposing what the court described as "abusive commercial clauses" on French app developers to access the Apple App Store.