Unpacking Apple’s latest iOS14 privacy policy guidance

On January 28th — which is Data Privacy Day — Apple released a whimsical consumer-centric guide for consumers on how changes to its iOS privacy policy will change their interactions with apps, websites, and other third parties. This release coincided with a speech that Apple CEO Tim Cook delivered at the EU data conference.

The guide, titled A Day in the Life of Your Data, provides an overview of how consumer data is harvested from various properties for the purposes of optimizing in-product content experiences and advertising campaigns. The guide is thorough and easily intelligible, with simple illustrations that competently elucidate a complex (and certainly opaque) system.

Notably, Apple used this guide as an opportunity to provide a timeline for the mandatory rollout of the ATT prompt: “spring.” Regular readers of MDM will know that March has been pegged as the assumed rollout target for some time (at least since December, when I tweeted about it — although it seems that Apple will make the ATT prompt mandatory in the next release, and not in iOS 14.4).

At the end of the guide, Apple constructed a FAQ that is ostensibly targeted to consumers but which bleeds advertiser-directed subtext. Advertisers that have been paying attention to news and developments within the mobile ecosystem should be aware of most of the information that is revealed in the FAQ, but it is worth reviewing the points that were published if only because Apple is explicitly saying some of these things clearly, intelligibly, and publicly for the first time.

This guidance should put to rest any assumptions around developers being able to gate content by the opt-in. What Apple is saying here is that no aspect of the app’s functionality can be restricted by the user’s choice in the ATT prompt.

Apple is saying here that it expects ad platforms to respect the spirit of the directive of the ATT prompt and to not use server-to-server conversion measurement methods to track user activity outside of Apple’s purview. I’ve heard from institutional investors and ad tech companies that believe all IDFA-enabled tracking activity can simply shift to server-to-server conversion measurement; this is, and always has been, delusional. Apple will know if a developer is contravening ATT guidelines by sending conversions to an ad platform via server-to-server methods, and they will remove those developers’ apps from the App Store as a consequence.

There is nothing really new in this passage. Facebook announced its Limited Login SSO method last week to comply with ATT guidelines.

This has to do with the privacy labels that Apple rolled out late last year.

Again, nothing revealed in the guide is new, per se, except that Apple has now publicly acknowledged a timeline and clarified some of the points that ad tech vendors are attempting to generated confusion around.