French regulators today hit Apple with a €8 million fine for breaching France’s data protection rules with targeted App Store ads. France’s National Commission for Informatics and Liberty (CNIL) says that Apple did not obtain the consent of French iPhone users (iOS version 14.6) before using identifiers to present targeted ads in the iOS 14.6 update.
Apple was collecting that information and using it for ads by default, and CNIL says that users had to undertake a “large number of actions” to turn advertising off in the Privacy section of the Settings app.
CNIL ruled that Apple breached Article 82 of the Data Protection Act, leading to a sanction of 8 million euros.
The CNIL services have found that under the old version 14.6 of the iPhone operating system, when a user went to the App Store, identifiers for several purposes, including purposes of customizing advertising ads displayed on the App Store, were by default automatically read on the terminal without collecting consent.
In a statement to Fortune‘s Patrick McGee, Apple said that it is “disappointed” with the decision and plans to appeal.
We are disappointed with this decision given the CNIL has previously recognized that how we serve search ads in the App Store prioritizes user privacy, and we will appeal.
Apple Search Ads goes further than any other digital advertising platform we are aware of by providing users with a clear choice as to whether or not they would like personalized ads. Additionally, Apple Search Ads never tracks users across 3rd party apps and websites, and only uses first-party data to personalize ads. We believe privacy is a fundamental human right and a user should always get to decide whether to share their data and with whom.
Following a complaint from the France Digitale association relating to the personalization processing of advertisements broadcast in the App Store, the CNIL carried out several checks in 2021 and 2022 in order to verify compliance with the applicable regulations.