CNIL’s sanction body is free to ignore the rapporteur’s recommendations, but these typically carry a lot of weight regarding the watchdog’s final decision.
In the complaint, the lobby, which represents the bulk of France’s digital entrepreneurs and venture capitalists, alleged that iPhone maker Apple’s former operating software, iOS 14, did not comply with EU privacy requirements.
France Digitale argued then that while iPhone owners were asked under iOS 14 whether they were ready to allow installed mobile apps to gather a key identifier used to define campaign ads and send targeted ads, default settings allowed Apple to carry its own targeted ad campaigns without clearly asking iPhone users for their prior consent.
Apple’s privacy updates, called App Tracking Transparency, give users the option to block apps from tracking activity across apps and websites owned by other companies.
Discover the stories of your interest
In his remarks, Pellegrini said Apple’s previous operating system version iOS 14.6 failed to ask users properly for their prior consent for the collection of personal data, thus constituting a breach of privacy rules under the European Union‘s ePrivacy directive.
He added that changes made under a subsequent version of Apple’s operating system, iOS 15, allowed for such prior consent.
Gary Davis, Apple’s head of privacy, contested the rapporteur’s conclusions at the hearing, saying the U.S. firm was committed to the protection of users’ privacy.
“The absence of any seriousness to the breach … means that the amount of the fine should be decreased,” he said, requesting that the amount of any fine should not be made public.
CNIL’s sanction body did not say when it would reach a decision.