October 21, 2020

Volume X, Number 295

October 21, 2020

Subscribe to Latest Legal News and Analysis

October 20, 2020

Subscribe to Latest Legal News and Analysis

October 19, 2020

Subscribe to Latest Legal News and Analysis

Apple’s iOS 14 Requires New Opt-in Consent for Advertising Identifiers

Apple’s iOS 14, which was announced by Apple in June 2020 and is scheduled for official release later this year, will require that all apps receive user consent in order to access an iPhone’s unique advertising identifier (Identifier for Advertisers, or “IDFA”) or use the IDFA to automatically track users.
Apple defines tracking as “the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes.

Tracking also refers to sharing user or device data with data brokers.” Apple also lists the following examples of tracking:

  • displaying targeted ads in an app based on user data collected from apps and websites owned by other companies;

  • sharing device location data or email lists with a data broker;

  • sharing a list of emails, advertising IDs or other IDs with a third-party advertising network that uses that information to re-target those users in other apps; and

  • placing a third-party software development kit in an app that combines user data from the app with user data from other developers’ apps to target advertising or measure advertising efficiency.

Currently, use of the iPhone IDFA is permitted unless the user opts-out (through Settings > Privacy > Advertising > Limit Ad Tracking). With the iOS 14 rollout, Apple will require opt-in consent for every app, meaning that if an app wants to use the IDFA, iOS 14 will first present the user with the following dialog box:

By selecting “Allow Tracking,” a user explicitly grants the particular app permission to track the user across apps and services.

Apps may track users without first obtaining consent in two limited scenarios:

  • when user or device data from an app is linked to third-party data only on the user’s device and is not sent off the device in a way that may identify the user or the device; and

  • when a data broker with whom the app developer shares data uses the data only for fraud detection, fraud prevention or security purposes, and solely on that app developer’s behalf (e.g., using a data broker to prevent credit card fraud).

The shift to opt-in consent is part of Apple’s AppTracking Transparency framework. Read more about the framework.

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 237


About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct