来源： Fieldfisher斐石 原创 Phil Lee
Why Apple's "Consent for IDFA" announcement is a game changer for online and mobile privacy
If, like me, you're something of an Apple fanboy, then you'll probably follow announcements coming out of Apple's annual Worldwide Developer's Conference with interest – looking for the latest, and greatest, updates to the iOS or MacOS platforms.
This year, Apple had a series of privacy-related announcements that have grabbed my attention even more than normal, and created waves throughout the mobile and privacy communities.
I'll skip, for now, Apple's announcements relating to enhanced privacy transparency, geolocation tracking controls, and recording indicators on iOS, as well as its new privacy reporting functionality for the Safari browser - you can read about those here:https://www.apple.com/ios/ios-14-preview/ and here:https://www.apple.com/uk/newsroom/2020/06/apple-introduces-macos-big-sur-with-a-beautiful-new-design/, if you're interested.
Instead, I want to focus on its announcement that it will require opt-in consent for access to the iPhone IDFA – an announcement which, according to Forbes, sends an $80 billion mobile app install industry into upheaval – and which has potentially wider implications across all of mobile and online tracking.
But, with the launch of iOS 14 in autumn later this year, Apple will now force app developers who want access to your IDFA to require opt-in consent. Users will be presented with a dialogue box asking them if they agree to XYZ company tracking them across apps and websites. The impact of this is huge. It could be that Apple succeeds in preventing non-consensual mobile-based tracking where legislative initiatives, like the EU's current ePrivacy Directive or stalled ePrivacy Regulation, have failed. And, presented with such an option, it seems highly likely, if not inevitable, that many users will refuse consent.
但是，随着今年晚些时候预计在秋季发布的iOS 14，苹果现在将要求那些想要访问您的IDFA的App开发者去获取您的Opt-in的同意。用户可能会被提供一个对话框来向其询问是否同意XYZ公司在App和网站上对其进行跟踪。这样做的影响是巨大的。苹果可能会成功阻止未经同意的在移动设备上的跟踪，而立法举措，例如欧盟现在的e-Privacy 指令或者陷入停滞的e-Privacy 条例，在这一问题上都失败了。而且，如果有了这样的选项，很有可能，且不可避免地，很多用户会选择拒绝同意。
Privacy advocates will no doubt argue that advertisers shouldn't be afraid of this development: if they have a genuine value proposition to offer to iPhone users, those users will consent to tracking. Advertisers are likely to argue that, while this is a nice idea, in reality most users will decline whatever the value proposition, with serious impacts on ad funded mobile content.
At this point, it's early days, and attempting to predict the future often proves to be a fool's errand. However, here are a few of the "big picture" issues that immediately occur to me:
Apple's announcement should not be viewed in isolation. Instead, it's part of a growing trend towards giving users greater control of their online and mobile data. Google announced earlier this year, for example, that it would be phasing out third party cookies over the next two years in its Chrome browser. The privacy-centric browser, Brave, recently announced that it has now passed 15 million monthly active users (representing 2.25x MAU growth over the past year), while other browsers (Safari, Firefox and Edge) have also trumpeted their own privacy improvements. The trend is clear: users want, and are being given, ever greater control of their online data.
苹果的这一声明不能孤立地来看。相反，这是苹果向用户提供的对其在线和移动数据更多的控制权这一增长趋势中的一个部分。例如，谷歌今年早些时候声称，其将在未来两年内淘汰其Chrome浏览器内的第三方Cookie。以隐私作为核心的浏览器，Brave，近期宣布其已经有超过每月1500万活跃用户（在过去一年中，月活跃用户增长了2.25倍），而其他的浏览器（Safari，Firefox and Edge）也在宣传其在隐私方面的改进。趋势已经非常明显了：用户希望，并且正在被给予，对其在线数据更多的控制权。
Despite this, no one has yet come up with a solution for weening mobile and web publishers off of ad-funded content and history tends to show that, however much users may care about their privacy, they are not yet willing to pay to access online content as an alternative means of funding; indeed, re-introducing subscription models on a widespread basis across the web will likely only serve to reduce access to online content and disproportionately affect lower income families and users. It may be that non-targeted, contextual-based advertising will come ever more to the fore – but, for that to be the case, advertisers will want to see that it can drive the same kinds of conversions that targeted advertising can.
In the meantime, therefore, we may be witnessing the emergence of a struggle between platform and browser providers, on the one hand, who are under growing pressure from their users to provide more privacy-based controls, and advertisers and publishers on the other hand who will argue that they need ongoing access to user device-related information to enable targeted advertising as a means to fund online and mobile content.
Further, the impact of Apple's announcement on mobile attribution is unclear. Third party attribution providers generally need access to the iPhone's IDFA in order to report back to advertisers and publishers where advertising campaigns were successfully deployed. This is true even for untargeted, or contextual, campaigns – advertisers still need to know whether their adverts were seen in order to ensure appropriate advertising royalty payments to the publisher who displayed their ads. But if these attribution partners have to ask users to consent to access the IDFA, then it will presumably severely impact their ability to report on advertising campaign success. Apple appears to have anticipated this concern by building out its own, privacy-centric, mobile attribution framework (called SKAdNetwork) – effectively positioning itself as the gateway to what advertisers can, and can't, know about users who install their apps for attribution purposes. What this will mean for third party attribution providers is currently unclear – presumably they will either need to interface with this framework, or risk being cut out of the attribution picture altogether.
A final big unknown: whether advertisers, even if they use Apple's new consent dialogue, can ever truly obtain a GDPR standard consent. Bearing in mind the strict requirements that the EU/UK has for GDPR-standard consents – that is, that they must be "freely given, specific, informed and unambiguous" – while advertisers are able to tailor the consent message presented to users, could such a sufficiently well-developed consent ever be squeezed within the confines of a small iOS consent dialogue box? Further, bearing in mind that app developers and advertisers will typically access the IDFA for multiple reasons (e.g. content personalisation, ad targeting, attribution, analytics etc.) and that the GDPR broadly prohibits so-called "bundled consents", does this mean that apps will need to re-surface the consent dialogue multiple times for each purpose? Or will they simply take a risk-based view and collect a one-size-fits-all consent? At this point, we just don't know.
Whichever way you look at this, it is a major development and, like most major developments, it has consequences that are potentially both positive (enhanced consumer privacy protection) and negative (impacts on the mobile adtech industry and ad funded content). One thing you can be certain of though: this will drive change, in a way that legislative efforts have so far been unable.