close
close

Pixalate’s H1 2024 Apple App Store Legal Investigation Report highlights how the App Store and app developers are likely to violate Articles 5, 12, 13 and 24 of the GDPR

Pixalate’s H1 2024 Apple App Store Legal Investigation Report highlights how the App Store and app developers are likely to violate Articles 5, 12, 13 and 24 of the GDPR
Posted on | Posted on Jasper

PixelatePixelate

Pixelate

Pixalate’s research has found that over 380,000 users in the UK, France and other European countries face ongoing privacy risks when using Apple devices due to their personal data being transmitted in the open programmatic advertising bid stream of over 1,300 advertising-enabled mobile apps hosted on the Apple App Store and targeted on it. These apps likely fail to inform users of their privacy rights and what essentially happens to their personal data after processing, leading to potential violations of Articles 5, 12 and 13 of the GDPR. Pixalate’s research examines and shares findings that the Apple App Store appears to enable these likely non-compliant apps to conduct targeted advertising by sharing the IDFAs/IDFVs of EU and UK-based users with them.

London, August 22, 2024 (GLOBE NEWSWIRE) — Pixalate, the world’s leading ad fraud protection, privacy and compliance analytics platform, today announced GDPR Breach Risk Report H1 2024: Apple App StoreThe report provides a detailed legal analysis of the risks of data breaches within the European Union (“EU”) and the United Kingdom (“UK”). General Data Protection Regulation (hereinafter referred to as “GDPR”), namely Articles 5, 12, 13, 24 And Recommended 75 related to the Apple App Store and app developers who have published mobile apps on Apple’s App Store.

The report also assesses potential risks of a GDPR breach for Apple as a “data controller” within the meaning of the GDPR. Article 4(7) – Apple appears to share users’ device identifiers (advertiser identifiers, seller identifiers, also known as IDFAs/IDFVs) with 1,384 mobile apps hosted on the Apple App Store that do not have recognized privacy policies but still appear to process users’ personal data by sharing their IDFAs/IDFVs in the ad bidding stream.

For this research, Pixalate’s data science team analyzed over 32,000 mobile apps hosted on the Apple App Store that were available for download from the App Store in the EU and UK in the first half of 2024, met the territorial scope of the GDPR, and had open programmatic ad impressions targeting users based in the EU and/or UK (as measured by Pixalate).

Pixelates H1 2024 Risk of GDPR violation in the Apple App Store report – Key findings:

  • Over 380,000 The personal data of users based in the EU and UK were shared in the ad bidding stream of targeted advertising-enabled apps for which no privacy policies were detected in the first half of 2024.

  • 1,384 Apps hosted on the Apple App Store:

    • had no recognized privacy policy in the first half of 2024 and

    • Sharing of personal data of users based in the EU and the UK in the open programmatic advertising bidding stream.

  • Personal data shared in the open programmatic ad bid stream, including Location data, IP address and device identifiers (IDFVs/IDFAs)measured by Pixalate:

    • 842 (61%) Targeted advertising-enabled apps shared the IDFAs/IDFVs of users based in the EU and UK in the open programmatic ad bidding stream in the first half of 2024.

    • 330 (24%) Apps with targeted advertising functionality shared all three forms of personal data in the open programmatic ad bidding stream in the first half of 2024.

By sharing users’ IDFAs/IDFVs with apps without recognized privacy policies, Apple is likely failing to meet its obligations as a data controller to ensure that users’ device identifiers are Integrity and confidentiality, according to GDPR Article 5(f).

“Pixalate conducted this investigation to gain data insights and legal analysis on the actual practices of app developers, websites and reputable app hosting platforms to help users determine whether their personal data is actually being processed with user privacy in mind,” said Yusra Kayani, EMEA Director of Data Protection and Privacy at Pixalate. “It is a worrying finding that the identified apps exist without any identified privacy policies and operate within the Apple App Store ecosystem, yet Apple appears to take no action to identify and remove such apps, which are likely to violate GDPR regulations as well as Apple’s own developer license agreements and App Store policies.”

Top 10 EU and UK registered App Store hosted apps with no detected privacy policies sharing personal data in the ad bid stream

Access to the full GDPR Breach Risk Report H1 2024 – Apple App Store Here. You will also get the list of 1,384 apps hosted on the App Store with no detected privacy policies that share personal data of EU and UK based users in the ad bidding stream in the first half of 2024 (as measured by Pixalate).

About Pixalate

Pixalate is the market-leading fraud protection, privacy and compliance analytics platform for connected TV (CTV) and mobile advertising. We work around the clock to protect your reputation and increase your media value. Pixalate offers the only system of coordinated solutions for display, app, video and CTV to better detect and eliminate ad fraud. Pixalate is an MRC-accredited service for detecting and filtering sophisticated invalid traffic (SIVT) in desktop and mobile web, mobile in-app advertising and CTV advertising. www.pixalate.com

Disclaimer

The contents of this press release and the related report – including all content set forth herein – reflect Pixalate’s opinions regarding topics that Pixalate believes may be useful to the digital media industry, including advertisers, advertising technology companies, mobile application developers, professional advisors, non-governmental entities and regulators. Pixalate does not share the data in this report – and the opinions associated with it – to question the standing or reputation of any entity, person or app, but rather to report opinions and suggest trends related to specific apps that were available for download through the Apple App Store during the period studied, H1 2024. All data shared herein is based on Pixalate’s proprietary technology and compliance analysis, which Pixalate continuously evaluates and updates. References to external sources should not be construed as recommendations. Pixalate’s opinions are just that: opinions (i.e., they are neither facts nor guarantees). Pixalate’s opinions regarding the potential applicability, legal obligations and compliance with the GDPR are for informational purposes only and do not constitute legal advice. Nothing in this report: (i) is intended to constitute professional and/or legal advice; (ii) actually constitutes professional and/or legal advice; or (ii) represents a comprehensive or complete statement of the matters discussed or the related laws.

CONTACT: Nina Talcott [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *