Apple was recently fined €8 million ($8.8 million) by French privacy watchdog the Commission Nationale Informatique & Libertés (CNIL) for its reading of iOS device identifiers without users giving consent, for the purpose of optimising ad personalisation.
An interesting result of this is some deeper insight into how exactly Apple’s ad targeting works.
User data: It’s getting personal
Ad personalisation settings are switched on by default on iOS 14.6, meaning that users have been required to actively know about this, find the settings, and then turn them off if they didn’t want personalised ads. Apple has therefore been able to use targeted ads on a larger scale via the Apple Search Ads platform as of device activation.
As reported by Mobile Dev Memo, Apple places users into advertising segments, starting out by giving each Apple ID account a directory services identifier. These are created on Apple’s servers and have data like age, gender and location tied to them, based on the Apple ID information.
A device pack identifier and an iADAD, used in targeting ads, are stored on users’ devices and from this data, users are positioned within the aforementioned advertising segments. These can be as specific as 5,000 people per group, all targeted based on a mutual topic.
Search terms, segment information, device pack identifiers and iADADs are all sent from the user to ad servers which then find a suitable advert, unless users actively find and turn this function off, which the CNIL is claiming breaches Article 82 of the French Data Protection Act on Apple’s part. Without users giving their informed and explicit consent for Apple to take their data, doing so violates the law, the CNIL claims.
Apple was busy preparing to allow alternative app stores in the EU in December, in a move to comply with EU regulations and the Digital Markets Act.