Online Advertising

French Competition Authority Fines Apple €150M Alleging Market Power Abuse of Ad Privacy System

in , ,

By Susan Hintze and Hansenard Piou 

Note that the Autorité has not yet been published the decision in question as it is in process of redacting information relating to trade secrets. Please check back for updates. 

On March 31st, 2025, the French Competition Authority (the Autorité), in collaboration with CNIL, announced Decision 25-D-02 of March 28, 2025, which fined Apple €150 million for allegedly abusing its market position with its App Tracking Transparency (ATT) system. The Autorité, in its summary of the decision, claimed Apple unfairly advantages its own apps and advertising practices while harming third party apps and advertising efforts, including those of small publishers.  

Launched in April 2021, the ATT system requires third-party iOS and iPadOS apps to obtain user consent for collection of data for targeted advertising purposes through a consent-management popup before the app’s use. Upon such consent, the app would gain access to the device’s Identifier for Advertisers (IDFA). Prior to the launch of the ATT system, several associations raised concern that the ATT process was “an obstacle to the possibilities of carrying out targeted advertising for users of Apple devices,” but the Autorité declined to issue interim measures. 

While acknowledging that Apple’s privacy objectives for the ATT system are legitimate, the Autorité noted Apple’s ability to influence the business models of third-party mobile app publishers and stated that Apple must implement its privacy objectives in a way that balances its responsibility as a dominant operator of a digital platform. The Autorité held that under the French competition law, the ATT system is an abuse of Apple’s dominance as its means for implementing the system is neither necessary nor proportionate to meet those privacy objectives. Instead, the Autorité found Apple’s privacy implementation places an asymmetric burden on third party publishers as compared to Apple’s treatment of its own applications. 

The Autorité based this finding of asymmetry on three factors:

  • A December 2022 CNIL opinion stated that third party mobile app publishers are unable to rely on the Apple ATT system’s popup for compliance with their own consent requirements under data protection law. Consequently, mobile apps are forced to obtain two separate consents, resulting in excessively complex consent collection for the user.

  • While these systems require two acceptances to grant lawful consent, the denial of consent needs only to be given once.

  • While third-party publishers have to collect double consent, such a structure does not apply to Apple’s own apps. Since small adjustments could have prevented this asymmetry, the Autorité found it unnecessary and noncompliant with competition law. 

The Autorité noted that the ATT system affects all app publishers, but it is particularly harmful for smaller publishers without other targeted advertising methods for revenue. 

This collaboration between the Autorité and CNIL, pursuant to its joint December 2023 statement and CNIL’s recommendations for mobile apps, highlights the agencies’ willingness to act jointly to investigate and enforce matters that impact competition and privacy law. 

The case also represents the need for platform providers with market power to consider implementing privacy frameworks that not only safeguard consumers but also safeguard against the potential harmful economic impacts to competitors. Such privacy frameworks should not be unnecessarily complex for users and should not place higher burdens on third parties than the platform provider places on itself. 

Hintze Law PLLC is a Chambers-ranked and Legal 500-recognized, boutique law firm that provides counseling exclusively on global privacy, data security, and AI law. Its attorneys and data consultants support technology, ecommerce, advertising, media, retail, healthcare, and mobile companies, organizations, and industry associations in all aspects of privacy, data security, and AI law.

Susan Hintze is Co-Managing Partner at Hintze Law PLLC. Recognized by Chambers, Legal 500, & Best Lawyers, Susan and her firm are leaders in their field. Susan serves on the International Association of Privacy Professionals (IAPP) Board of Directors and is an IAPP Westin Emeritus Fellow. She is also co-chair of the firm’s Regulatory Defense Group.

Hansenard Piou is an Associate at Hintze Law PLLC with experience in global data protection issues, including kids’ global privacy laws, AADC, privacy impact assessments, GDPR, and privacy statements.  

10 areas for US-based privacy programs to focus in 2025

in , , , ,
10 areas for US-based privacy programs to focus in 2025

By Sam Castic

The post below was originally published by the IAPP at https://iapp.org/news/a/10-areas-for-privacy-programs-to-focus-in-2025.

This past year was another jammed one for privacy teams and it was not easy to stay on top of all the privacy litigation, enforcement trends, and new laws and regulations in the U.S.

Read More

FTC Introduces Novel Ban in Its Settlement with NGL Labs and Scrutinizes AI Representations

in , , ,

By Emily Litka

On July 9, 2024, The Federal Trade Commission (FTC) and the Los Angeles District Attorney’s Office (LA DA) reached a settlement with NGL Labs, the maker of the “NGL: ask me anything” app and its co-founders. The complaint alleged violations of the Federal Trade Commission Act (FTC Act), the Children’s Online Privacy Protection Act (COPPA), the Restore Online Shoppers’ Confidence Act (ROSCA), and similar California state laws. In the complaint, the FTC and LA DA also brought claims against NGL’s cofounders individually. 

Read More

New CCPA Enforcement Action: Lessons for Tracking Technologies and Child Users

in ,
New CCPA Enforcement Action: Lessons for Tracking Technologies and Child Users

By Cameron Cantrell and Sam Castic

This week the California Attorney General and Los Angeles City Attorney announced a proposed $500,000 settlement to a complaint against mobile app game developer and publisher Tilting Point Media LLC for  alleged violations of the California Consumer Privacy Act (“CCPA”), unfair competition law, and federal Children’s Online Privacy Protection Act (“COPPA”). This post summarizes the alleged practices that led to the enforcement action, how it fits with regulatory enforcement priorities including on data sales via tracking technologies and children’s privacy, and steps for companies to consider to reduce risk.

Read More