Today, we’d like to share a story that sits at the intersection of privacy, regulation, and business impact — and it’s a good example of how even well-intentioned security and privacy controls can raise complex questions.
Recently, Apple was fined €98.6 million by Italy’s competition authority, which ruled that one of Apple’s privacy features unfairly restricted competition in the App Store. Apple has said it strongly disagrees with the decision and plans to appeal.
What Is App Tracking Transparency?
The case centres on Apple’s App Tracking Transparency (ATT) feature, which Apple introduced in April 2021 as part of an update to the operating system used on iPhones and iPads.
ATT requires apps to ask users for permission before tracking their activity across other apps and websites for advertising purposes. In simple terms, it gives users a clear choice:
“Do you want this app to track you?”
From a privacy perspective, this was widely seen as a positive move. Many users welcomed the additional transparency and control over how their data is used.
Why Did Italy’s Antitrust Authority Fine Apple?
Italy’s antitrust authority did not say that ATT itself was wrong or unnecessary. Instead, the concern was how the system was implemented.
According to the authority, third-party app developers are required to ask users for consent twice in order to comply with Europe’s strict privacy rules, while Apple’s own apps do not face the same level of friction. The regulator argued that this “double consent” requirement makes it harder for other developers — particularly those that rely on advertising revenue — to compete fairly in the App Store.
In the authority’s view, this extra hurdle was disproportionate to the stated goal of protecting user data and had a negative impact on developers, advertisers, and advertising platforms.
Apple’s Response
Apple has pushed back strongly against the ruling.
The company said the decision overlooks the privacy protections ATT provides and instead favours advertising technology companies and data brokers that want broader access to user data. Apple maintains that privacy is a fundamental human right and that ATT was designed to give users a simple and consistent way to control tracking.
Apple also noted that the same rules apply to all developers, including Apple itself, and said the feature has been widely embraced by customers and praised by privacy advocates globally.
Not an Isolated Case
Italy’s decision is not happening in isolation. Earlier this year, France’s antitrust authority fined Apple €150 million over similar concerns relating to ATT and user consent. Together, these cases highlight an ongoing tension in Europe between privacy protection and competition law — particularly when large platform providers introduce system-level controls.
Why This Matters Beyond Apple
For most businesses, this story isn’t really about Apple at all. It’s about the growing complexity of balancing:
- User privacy
- Regulatory compliance
- Fair competition
- Commercial sustainability
As privacy expectations rise, organisations are increasingly expected to give users more control over their data. At the same time, regulators are watching closely to ensure those controls don’t unintentionally disadvantage certain groups or business models.
A CSB Perspective
At CSB, we often remind clients that privacy and security decisions don’t exist in a vacuum. Controls that are good for users can still have operational, commercial, or regulatory implications if they’re not designed carefully.
The key takeaway for businesses is not to avoid strong privacy measures, but to:
- Understand how controls affect users and partners
- Ensure consistency and fairness in how policies are applied
- Keep an eye on how regulations evolve, especially across different regions
Privacy is becoming a baseline expectation — but how it’s implemented matters just as much as the intention behind it.