The Italian competition authority (AGCM) has imposed a fine of €98.6 million ($116 million) on Apple for allegedly misusing its App Tracking Transparency (ATT) framework to exploit its dominant position in mobile app advertising.

ATT mandates that developers obtain consent to collect user data for targeted advertising before tracking users across websites, apps, and services owned by other companies. Apple rolled out ATT in June 2020 and began enforcing it in April 2021 with the launch of iOS 14.5 and iPadOS 14.5.

In a press release issued on Monday, following a two-year investigation, the AGCM noted that Apple’s ATT policy compels third-party apps to show a standardized prompt asking users for permission to track their activities across different apps and websites.

However, apps developed by Apple are not required to show the same prompt. The AGCM indicated that the way ATT is implemented forces developers to ask for consent twice for the same purpose.

Since the ATT prompt does not fulfill the GDPR requirements for EU privacy law, developers must also implement their own consent mechanisms, leading to what regulators termed an “excessively burdensome” double-consent process.

“In essence, while the Authority supports the goal of ensuring that users’ consent is comprehensive, free, and informed, it found that Apple could have maintained the same level of privacy without being as restrictive to competition,” explained the Italian antitrust agency.

“This could have prevented the imposition of additional burdens on third-party developers, thus avoiding unnecessary double consent requests for advertising purposes.”

In response to the AGCM’s ruling, Apple informed BleepingComputer that it plans to appeal and will continue to defend robust privacy protections.

“At Apple, we view privacy as a fundamental human right, and we established App Tracking Transparency to provide users with a straightforward method to control whether companies can track their actions across different apps and websites. These regulations are uniformly applicable to all developers, including Apple, and have been welcomed by our users as well as endorsed by privacy advocates and data protection regulators worldwide, including the Garante,” Apple told BleepingComputer.

“We fundamentally disagree with the ICA’s decision as it overlooks the vital privacy protections offered by ATT in favor of advertising technology companies and data brokers desiring unrestricted access to users’ personal data. We will vigorously uphold strong privacy standards for our users as we pursue our appeal.”

Earlier this year, Apple faced a €150 million ($162 million) penalty from France’s antitrust authority for similarly abusing its market dominance through the ATT framework.

Ongoing investigations are also taking place in Poland, and Apple has recently made adjustments to the ATT consent prompt at the request of the German regulator to address competitive concerns.

Broken IAM isn’t just an IT issue – it impacts your entire organization.

This concise guide explains why traditional IAM methods fall short in today’s landscape, showcases what effective IAM looks like, and provides a straightforward checklist for crafting a scalable strategy.

Get the guide