Apple Distribution – €8,000,000 Fine (France, 2022)

On March 10 2021, the French DPA received a complaint against Apple ('provider' or 'the company') regarding the iOS and MacOS operating systems. According to the complaint, there was a setting called ‘personalised ads’ in the settings of Apple devices which was activated by default. Subsequently, the DPA carried out multiple investigations into the company. The investigation was limited to iOS version 14.6, Apple’s operating system for iPhones. During the investigation, the DPA found that part of the companies processing was the ‘search ads’ service, which was used to personalize ads in the Apple App Store. This service allowed developers to advertise their application in the App Store based on different criteria, such as, but not limited to, device type, age and gender. If the 'personalised adds’ function was enabled in the iPhone settings, the ads displayed to the data subject in the App Store would be personalized using this data. If this setting was disabled, data subjects would receive an ad which was not personalized. The technical workings of the 'personalised adds' setting was analysed by the DPA based on information provided by Apple. The DPA stated that the setting involved multiple identifiers which were created on the data subject's iPhone and the companies servers at different stages of using the phone and setting it up. The identifiers served different purposes related to advertising in the App Store. Apple had two French subsidiaries called Apple France and Apple Retail France. In the context of the ‘search ads’ service, Apple France employed “search ads specialists’, which had to provide assistance to app developers when they were using Apple’s advertising platform in order to target the relevant audience. In its defence, the company had, among other things, argued that the French DPA was not competent in this case. Apple argued that the GDPR was applicable and that the Irish DPA was instead the competent authority under the one stop shop mecha