来源： Fieldfisher斐石   原创 Phil Lee

Why Apple's "Consent for IDFA" announcement is a game changer for online and mobile privacy
为什么苹果“关于IDFA的同意”的声明改变了在线和移动隐私的游戏规则

If, like me, you're something of an Apple fanboy, then you'll probably follow announcements coming out of Apple's annual Worldwide Developer's Conference with interest – looking for the latest, and greatest, updates to the iOS or MacOS platforms.

如果您像我一样，也是苹果某种产品的粉丝，那么您可能会关注苹果的年度全球开发者大会上发布的公告——寻找IOS和MacOS平台的最新且最棒的更新。

This year, Apple had a series of privacy-related announcements that have grabbed my attention even more than normal, and created waves throughout the mobile and privacy communities.

今年，苹果公司发布了一系列与隐私相关的声明，这比平时而言更加吸引我的注意力，并且在移动和隐私的社区内引发了轰动。

I'll skip, for now, Apple's announcements relating to enhanced privacy transparency, geolocation tracking controls, and recording indicators on iOS, as well as its new privacy reporting functionality for the Safari browser - you can read about those here:https://www.apple.com/ios/ios-14-preview/ and here:https://www.apple.com/uk/newsroom/2020/06/apple-introduces-macos-big-sur-with-a-beautiful-new-design/, if you're interested.

现在，我将跳过苹果关于提升隐私透明度、地理位置跟踪控制、IOS记录指示以及其在Safari上的新的隐私报告功能的声明——如果您感兴趣的话，您可以在这里https://www.apple.com/ios/ios-14-preview/和这里https://www.apple.com/uk/newsroom/2020/06/apple-introduces-macos-big-sur-with-a-beautiful-new-design/阅读这些公告。

Instead, I want to focus on its announcement that it will require opt-in consent for access to the iPhone IDFA – an announcement which, according to Forbes, sends an $80 billion mobile app install industry into upheaval – and which has potentially wider implications across all of mobile and online tracking.

相反，我想要重点关注其声明是苹果需要征求同意来访问iPhone IDFA——根据福布斯的报道，该声明使得价值800亿美金的移动应用程序（App）安装行业发生剧变——并且这对所有移动和在线跟踪行业产生潜在的更加深远的影响。

For those who are unaware, Apple's IDFA stands for "ID For Advertisers". In short, it's a unique identifier on your Apple iPhone. Unlike websites, mobile apps don't use cookies to track you, so they need another means to do so. That's where the IDFA comes in. Mobile advertisers can access the iPhone's IDFA to track your usage of the apps on your phone (and websites accessed through your mobile browser), and then use this information for targeting and attribution purposes. Access to the iPhone IDFA is currently permitted under the iOS unless you opt-out (through Settings >> Privacy >> Advertising >> Limit Ad Tracking).

对那些对此不是很清楚的人而言，苹果的IDFA代表了“为广告主提供的ID”。简而言之，这是您的iPhone的唯一识别码。和网站不同的是，移动应用程序不会用Cookie去跟踪您，所以其需要其他的方式来跟踪。这就是IDFA的用处。移动广告主可能会访问iPhone的IDFA来跟踪您在您的手机上使用App的情况（以及使用手机浏览器访问网站的情况），然后将这些信息用于定向和归因的目的。除非您选择退订（通过设置——隐私——广告——限制广告跟踪），否则在IOS上目前是允许访问iPhone的IDFA的。

But, with the launch of iOS 14 in autumn later this year, Apple will now force app developers who want access to your IDFA to require opt-in consent. Users will be presented with a dialogue box asking them if they agree to XYZ company tracking them across apps and websites. The impact of this is huge. It could be that Apple succeeds in preventing non-consensual mobile-based tracking where legislative initiatives, like the EU's current ePrivacy Directive or stalled ePrivacy Regulation, have failed. And, presented with such an option, it seems highly likely, if not inevitable, that many users will refuse consent.

但是，随着今年晚些时候预计在秋季发布的iOS 14，苹果现在将要求那些想要访问您的IDFA的App开发者去获取您的Opt-in的同意。用户可能会被提供一个对话框来向其询问是否同意XYZ公司在App和网站上对其进行跟踪。这样做的影响是巨大的。苹果可能会成功阻止未经同意的在移动设备上的跟踪，而立法举措，例如欧盟现在的e-Privacy 指令或者陷入停滞的e-Privacy 条例，在这一问题上都失败了。而且，如果有了这样的选项，很有可能，且不可避免地，很多用户会选择拒绝同意。

Privacy advocates will no doubt argue that advertisers shouldn't be afraid of this development: if they have a genuine value proposition to offer to iPhone users, those users will consent to tracking. Advertisers are likely to argue that, while this is a nice idea, in reality most users will decline whatever the value proposition, with serious impacts on ad funded mobile content.

隐私的支持者无疑会称，广告商们不应该担心这种发展：如果他们有真正有价值的想法可提供给iPhone用户，那么这些用户将同意跟踪。广告商们可能会争辩说，尽管这是一个好主意，但实际上，大多数用户都会拒绝这些，无论是什么价值的想法，而这会对广告资助的移动内容产生严重影响。

At this point, it's early days, and attempting to predict the future often proves to be a fool's errand. However, here are a few of the "big picture" issues that immediately occur to me:

这一点而言确实太早了些，以及尝试去预测未来总是被证明是愚蠢的事情。但是，有一些我立即想到的一些大问题：

Apple's announcement should not be viewed in isolation. Instead, it's part of a growing trend towards giving users greater control of their online and mobile data. Google announced earlier this year, for example, that it would be phasing out third party cookies over the next two years in its Chrome browser. The privacy-centric browser, Brave, recently announced that it has now passed 15 million monthly active users (representing 2.25x MAU growth over the past year), while other browsers (Safari, Firefox and Edge) have also trumpeted their own privacy improvements. The trend is clear: users want, and are being given, ever greater control of their online data.

苹果的这一声明不能孤立地来看。相反，这是苹果向用户提供的对其在线和移动数据更多的控制权这一增长趋势中的一个部分。例如，谷歌今年早些时候声称，其将在未来两年内淘汰其Chrome浏览器内的第三方Cookie。以隐私作为核心的浏览器，Brave，近期宣布其已经有超过每月1500万活跃用户（在过去一年中，月活跃用户增长了2.25倍），而其他的浏览器（Safari，Firefox and Edge）也在宣传其在隐私方面的改进。趋势已经非常明显了：用户希望，并且正在被给予，对其在线数据更多的控制权。

Despite this, no one has yet come up with a solution for weening mobile and web publishers off of ad-funded content and history tends to show that, however much users may care about their privacy, they are not yet willing to pay to access online content as an alternative means of funding; indeed, re-introducing subscription models on a widespread basis across the web will likely only serve to reduce access to online content and disproportionately affect lower income families and users. It may be that non-targeted, contextual-based advertising will come ever more to the fore – but, for that to be the case, advertisers will want to see that it can drive the same kinds of conversions that targeted advertising can.

尽管如此，还没有人想出任何解决方案，能够使移动和网页的发布者摆脱广告资助的内容，并且历史记录表明，尽管许多用户可能在乎他们的隐私，但他们还不愿意选择为访问在线内容付费作为替代方式；实际上，在网络上广泛引入订阅模式可能只会减少对在线内容的访问，并且不相称地影响低收入的家庭和用户。非定向的、基于情景的广告可能会脱颖而出——但是，在这种情况下，广告商们会更希望看到它可以带来与定向广告相同的转化。

In the meantime, therefore, we may be witnessing the emergence of a struggle between platform and browser providers, on the one hand, who are under growing pressure from their users to provide more privacy-based controls, and advertisers and publishers on the other hand who will argue that they need ongoing access to user device-related information to enable targeted advertising as a means to fund online and mobile content.

因此，与此同时，我们可能正在见证平台和浏览器提供商之间的斗争的出现，一方面，他们面临着来自用户的越来越大的压力，来提供更多基于隐私的控件，而广告商和发布者将声称他们需要持续访问与用户设备有关的信息，以使定向广告作为向在线和移动内容提供资金支持的一种手段。

Further, the impact of Apple's announcement on mobile attribution is unclear. Third party attribution providers generally need access to the iPhone's IDFA in order to report back to advertisers and publishers where advertising campaigns were successfully deployed. This is true even for untargeted, or contextual, campaigns – advertisers still need to know whether their adverts were seen in order to ensure appropriate advertising royalty payments to the publisher who displayed their ads. But if these attribution partners have to ask users to consent to access the IDFA, then it will presumably severely impact their ability to report on advertising campaign success. Apple appears to have anticipated this concern by building out its own, privacy-centric, mobile attribution framework (called SKAdNetwork) – effectively positioning itself as the gateway to what advertisers can, and can't, know about users who install their apps for attribution purposes. What this will mean for third party attribution providers is currently unclear – presumably they will either need to interface with this framework, or risk being cut out of the attribution picture altogether.

此外，苹果公司的声明对移动归因的影响尚不清楚。第三方归因提供商通常需要访问iPhone的IDFA，以便向成功部署广告的广告主和发布者报告。即使对于非定向的或情景相关的广告也是如此，广告主仍然需要知道他们的广告能否被别人看到，以确保向发布广告的发布商支付适当的广告费。但是，如果这些归因合作伙伴必须征求用户同意才能访问IDFA，那么这可能会严重影响他们报告广告发布成功的能力。苹果似乎已经预料到了这种担忧，并且通过构建自己的以隐私为中心的移动归因框架（称为SKAdNetwork）——有效地将自身定位为这种门户，由此广告主可以，或不可以，为归因目的了解哪些用户安装了App。这一操作对于第三方归因提供商的意味着什么尚不清楚——预计其需要与该框架进行交互，否则就有可能被完全排除在归因业务的版图之外。

A final big unknown: whether advertisers, even if they use Apple's new consent dialogue, can ever truly obtain a GDPR standard consent. Bearing in mind the strict requirements that the EU/UK has for GDPR-standard consents – that is, that they must be "freely given, specific, informed and unambiguous" – while advertisers are able to tailor the consent message presented to users, could such a sufficiently well-developed consent ever be squeezed within the confines of a small iOS consent dialogue box? Further, bearing in mind that app developers and advertisers will typically access the IDFA for multiple reasons (e.g. content personalisation, ad targeting, attribution, analytics etc.) and that the GDPR broadly prohibits so-called "bundled consents", does this mean that apps will need to re-surface the consent dialogue multiple times for each purpose? Or will they simply take a risk-based view and collect a one-size-fits-all consent? At this point, we just don't know.

最后一个重大的未知：即使使用Apple的新的同意对话框，广告主是否能够真正地获取GDPR标准的同意。需要牢记的是，欧盟和英国对GDPR标准的同意有着严格的要求，即必须“自由地给予、具体、知情且明确”，即便广告主能够量身定做向用户展示的同意的信息，在一个小的iOS同意对话框的范围内能压缩出如此完善的同意吗？此外，App开发人员和广告主通常会出于多种原因（例如，内容个性化、广告定向、归因、分析等）访问IDFA，并且GDPR广泛禁止所谓的“捆绑同意”，这是否意味着App是否需要针对每个目的多次重复同意的对话框？还是他们只需要采取基于风险的观点并征得一个一刀切的同意？ 在这一点上，我们还不知道。

Whichever way you look at this, it is a major development and, like most major developments, it has consequences that are potentially both positive (enhanced consumer privacy protection) and negative (impacts on the mobile adtech industry and ad funded content). One thing you can be certain of though: this will drive change, in a way that legislative efforts have so far been unable.

无论您以哪种视角来看这件事，这都是一项重大的发展，并且与多数重大发展一样，其后果可能有积极的一面（增强消费者隐私保护），也会有消极的一面（对移动广告科技行业和广告资助内容的影响）。 可以确定的事情是：这将推动变革，以迄今为止立法工作无法实现的方式。