Is Apple Trying to Find a Happy Privacy Balance between Consumers, Developers, and Marketers?

Apple has been at pains to position itself as a consumer-privacy-focused company, going as far as to refer to privacy as a fundamental human right. For example, in April, its iOS 14.5 App Tracking Transparency (ATT) privacy feature required app developers to request users’ permission to track their activities. A few months later, its iOS 15 update added Private Relay, which encrypts users’ web-browsing traffic and hides their IP, as a built-in feature for paid iCloud accounts.

But now, The Financial Times alleges the company has reached a “quiet truce” with other big tech firms like Meta (the parent company of Facebook), Google, and Snap that allows them to access iPhone user data, even when the user denies the tracking request.

It’s All in the Interpretation and Enforcement

Apple has advised app developers that they may not collect data from any device “for the purpose of uniquely identifying it.” Meta and Snap developers, among others, are interpreting this as permitting data collection at the group level, including ad targeting to groups of users sharing similar traits or interests. Others say aggregation of user data is still a violation of the rule — but Apple isn’t rushing to clarify it.

Perhaps the bigger problem is the reality of enforcing the directive, because aggregated data can be broken down and connected to individuals through ID resolution and fingerprinting. (Fingerprinting is the process of creating a unique profile of a user based on their computer hardware, software, add-ons, and preferences.) Right now, it seems Apple is entrusting this to the integrity of the very organizations from which it promised to protect its users.

According to The Financial Times, Apple is taking a lax approach to enforcement regarding its fellow tech giants. In addition, Apple’s own explanation of Tracking under iPhone’s Settings specifies that it is the app developers’ responsibility to ensure compliance with the user’s choice regarding tracking by third-party apps for marketing purposes.

The App Ecosystem Must Be Protected

When Apple introduced its ATT feature, there were fears of marketing revenue losses of up to 50%. That kind of impact was bound to meet with pushback from key industry stakeholders. As it turns out, supply chain delays have muddied the waters, with many brands pulling ad spend due to limited inventory. Still, Snap is already being sued by one of its investors for supposedly downplaying the impact of Apple’s privacy protections on the firm’s revenue. Snap’s stock price accordingly fell 25% in October.

A cynic might suggest the ATT feature was first and foremost a growth strategy for Apple’s own ad business. Year-to-date revenue and projections so far would support this view. But aggregated data is still better than no data, and Apple’s biggest rivals are also those most capable of making the most use of it, so they might not push back too aggressively and risk losing access completely.

Yet, Apple has to be careful not to fatefully injure the app ecosystem, the diversity of which makes iOS so successful. The company’s less than enthusiastic enforcement of its rules in select cases may therefore be strategic — an attempt to strike a balance between the demands of consumers, marketers, and developers.

What Does the Future Hold?

Some experts suspect the firm’s apparent relaxation of its privacy rules will receive criticism from the technologically savvy consumer, but will not cause the company to lose much face with the average “man on the street.” Some support the view that privacy programs are often more about marketing than any real protection for the consumer. Others say that Apple risks creating confusion and animosity in the industry and mistrust amongst consumers.

However, it’s possible Apple’s unilateral and ambiguous-by-design tracking restrictions aren’t intended to permanently and entirely restrict access to user data. Beyond serving as a market differentiator, the move allows the company to tackle the worst culprits of abuse on a policy basis while building technical solutions to deal with less urgent issues at scale.

If nothing else, it demonstrates the complexity of governance required by the ecosystem and its need for partner transparency. There is a massive conflict between device- or app-level preferences, with app developers obviously wanting to keep control of their relationship with their customers — control that Apple unilaterally took away from them. Lax enforcement won’t satisfy them for long, so work needs to be done on clarifying the value exchange at different points in the ecosystem.

Currently, closed platforms limit what users can do to protect themselves, but privacy and personalization aren’t mutually exclusive. We have established industry standards for the web that provide safety to both brands and consumers, including transparency of business relationships, for example, through the IAB Europe Transparency and Consent Framework. Achieving the same for closed systems will require stakeholder collaboration, but should not be impossible.