Apple is not the only one to be heckled over its advertising devices: the Noyb association, founded by Austrian activist Maximilian Schrems, announced today that it has filed a complaint with the CNIL against the advertising tracking system implemented on Android systems. As Noyb explains on its site, the implicated device is the Android Advertising Identifier, a unique identifier assigned to each Android device and which is used by the system and third parties to deliver targeted advertising.
According to Noyb, “Google and third parties (for example, application providers and advertisers) can access AAID to track user behavior, analyze their consumption preferences and provide personalized advertising.” But unlike the cookies used on websites, AAID does not collect user consent at any time before being implemented, which goes against Article 5 (3) of the Directive. e-privacy, which governs the current framework for online advertising.
According to the association, this device is de facto imposed on European Android users, who cannot oppose its use by Google. The only valid option is to reset the username, a provision that does not allow you to delete data collected in the past or that does not end the tracking of the user.
France, a favorable land?
Noyb has chosen to file a complaint with the French CNIL based on the previous decisions of the data protection authority in the matter. Indeed, the complaint is not based here on the RGPD, but on the e-privacy directive, which means that the CNIL is alone on board to process the request and must not rely on the one-stop-shop mechanism. provided for by the GDPR.
Maximilian Schrems indicates that “the CNIL has already ruled in the past on a similar case” and believes that the French authority could therefore offer a more attentive ear to its arguments. The CNIL had effectively imposed a sanction of 100 million euros on Google and its subsidiaries in December 2020, for having deposited advertising tracking cookies to its users without obtaining prior consent.
As its ePrivacy the case does not fall under the consistency mechanism and the CNIL has ruled on that before – so seemed like a good jurisdiction .. 😉
– Max Schrems 🇪🇺 (@maxschrems) April 7, 2021
The ball is therefore now in the CNIL’s court. Noyb recalls having filed similar complaints against Apple and its IDFA device, a similar registration system set up on iOS. A first complaint had been lodged with the German data protection authority, and the other with the Spanish authority. By choosing to attack on the basis of the e-privacy directive, Noyb hopes to avoid the one-stop-shop mechanism, which frequently leads to handing over the case to the Irish data protection authority, known for its slowness in this type. of the folder.