Italy’s antitrust regulator has fined both Apple and Google 10 million euros each for what it calls “aggressive” data practices and failure to provide consumers with clear information about usage. their personal data for commercial purposes during the account creation stage.
Autorità Garante della Concorrenza e del Mercato (AGCM) said “Google and Apple failed to provide clear and immediate information about the commercial collection and use of user data”, adding that the technology companies have chosen to emphasize that data collection is only necessary to improve their own services and personalize the user experience, without giving any indication that data can be transferred and used for other reasons.
The concern concerns how companies omit relevant information when creating accounts and using their services, details of which the agency says are critical to making informed decisions about whether allow their data to be used for commercial purposes.
The AGCM argues that the lack of explicit user consent not only presupposes user acceptance, but also allows Apple and Google to subject the generated data to other forms of processing without providing a mechanism. with which consumers can confirm or change their choices in sharing their personal data.
“This acquisition architecture, prepared by Apple, cannot fulfill one’s will regarding the commercial use of one’s data,” the regulator noted. “Consequently, consumers have the option to consume and go through a process of transferring personal information that Apple may remove for its own advertising purposes done in different ways.”
Google addresses concerns with Privacy Sandbox
The development also comes as the UK’s Competition and Markets Authority (CMA) announced on Friday that it has secured monitor further on Google’s continued development of Privacy Sandbox recommendations to exclude third-party cookies in their Chrome web browser following backlash from privacy advocates, publishers and developers. advertisers and publishers.
To that end, the CMA says the search giant has offered to “address concerns about Google removing functionality or information prior to changing the full Privacy Sandbox, including by delaying implement the proposed Security Budget and make commitments around putting in place measures to reduce access to IP addresses. “
In addition, Google is also expected to “clarify internal limits on data” that the company itself can use, which involves placing restrictions to prevent the use of “personal data”. first-party kernel to track users, target and measure ads displayed on non-Google sites” and leverage the user’s Chrome browsing history and Analytics data to target advertising on Google or non-Google websites.
The move follows Google’s previous announcement in June of delaying the rollout from early 2022 to late 2023, noting that “more time is needed in the ecosystem to get this right” and “Evaluate new technologies, gather feedback, and iterate to ensure they meet goals for both privacy and performance, and give all developers time to take the best path.” for privacy. “