A random poser.

Given their recent feud, let me get started by making it clear that this is not a Facebook-sponsored article, or anything of the sorts. In fact, I mostly try to avoid Facebook in its various shapes and have little faith in their compassionate advocacy of small businesses.

The whole point here is shining a light on a less denounced hypocrisy: Apple’s stance on privacy.

I am pretty certain that playing by the iPhone maker’s rules (as many of us are obliged to, whether as businesses or consumers) is doing little for our collective and individual privacy, but I am even more certain that calling out a brand with cult-like status will touch an emotional raw nerve with many devout followers, and backfire in the form of all sorts of passionate arguments. I am also aware that many in the software development and startup communities are plain scared about even raising their voices when it comes to this giant gatekeeper. Apple enforces a dictatorship on the App Store that can make or break a company of any size.

Which is why I will try to keep it concise and simple, hopefully facilitating a constructive debate on five specific issues:

Continuously demanding our very personal identification (together with a valid credit card) for the enjoyment of content we have already paid for is the very opposite of Privacy by Design and by Default.

Security is not a valid excuse to keep a single, unified profile for each customer, itself tied to her real-world identity. If anything, it should work the other way around: in favor of anonymity or pseudonymity, shorter retention periods, and device-centric access to content which has already been purchased.

Convenience is definitely not part of that equation either — in my experience. Of course, it is easy to ensure regular payments when the very expiration of a “credit card on file” allows the company to bring every single device (dearly paid for, packed with previously purchased content) to a standstill.

While Apple’s App Tracking Transparency initiative purports to rid the mobile advertising ecosystem (Facebook, primarily) of intrusive profiling and dark patterns, Apple’s own advertising network takes consent for granted. As a matter of fact, the French Data Protection Authority (CNIL) has just hinted that the opt-out system employed by Apple Search Ads, despite solely relying on first-party data, falls short of the EU ePrivacy regulatory framework.

Apple’s ambition to own the privacy conversation has quickly eroded the value proposition of multiple privacy-preserving apps, many of which are simply unable to even make it into the App Store. A few have been working for years on “privacy labels” similar to those now available on iOS 14 (in many cases with more accuracy, deciphering privacy policies and scanning third party apps).

Not to mention the countless privacy-first Single Sign On initiatives pushed aside by the “Login with Apple” decree, and the manner in which it makes it even harder for customers to migrate to Android or Windows.

It appears to me that Apple has confused privacy with confidentiality, and is educating the public on the wrong set of principles.

Suffice to watch their most recent ad on the subject, which happily mixes up people singing out their credit card number and passwords (scenario A) with others sharing their physical activity metrics or browsing habits (scenario B).

Scenario A illustrates a lack of confidentiality that leads to compromised security — little to do with a fundamental right to privacy (which I would define as having a say on the handling of personal information that could hamper or determine our future choices or freedom).

Scenario B does touch on the concept of intimacy (the real precursor to privacy in Roman law), but I would argue that the parodied examples pose a smaller privacy risk -in terms of determining our future choices- than Apple’s own insistence on tying every single user action to their real-world identity (as per my first point).

Not only is Apple not sacrificing its own business model in favor of privacy (how easy it is to bash something others depend upon!), but it also seems to be making a serious strategic move that goes far beyond Tim Cook’s stated purposes. As well pointed out by Eric Seufert and others, preventing Facebook from using unique device identifiers across different mobile apps will result in taking back control over the mobile app ecosystem, having witnessed the App Store fall into irrelevance as Facebook became the primary discovery tool for most developers and end users.


Although I am definitely happy to put an end to Facebook’s mobile omnipresence (its trackers have permeated far too many apps), I find it disconcerting that a private company in pursuit of its own monopolistic ambitions gets away with the moral high ground on privacy while turning its back on real personal agency and Privacy by Design principles.

(Cover Photo by Charles Deluvio on Unsplash)

CEO at PrivacyCloud | founder at Divisadero (now Merkle) & Sweetspot (now ClickDimensions) | JD, LL.M (IT & Internet law), CIPP/E