- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
September 20th, 2021
iOS 15 Brings New Privacy Controls That Will Impact Advertising Initiatives
Today, after months in beta, Apple is releasing iOS 15 to the public. Building upon the Privacy Nutrition Labels and App Tracking Transparency (ATT) framework introduced in iOS 14.5 (discussed at length by us here), iOS 15 introduces new privacy controls that will impact brand marketing initiatives and the ad tech ecosystem. Although these controls are not an iOS 14.5-caliber seismic event, they are yet another example of how platform providers have become de facto regulators of privacy. Here are the key changes for advertisers.
The most notable change to privacy controls in iOS 15 is the introduction of “Mail Privacy Protection.” In sum, Mail Privacy Protection is a setting that prevents marketers from using background tracking technologies to understand how users interact with their emails. Unlike ATT, Mail Privacy Protection is off by default, and must be activated through Settings > Mail > Privacy Protection. Apple describes “Mail Privacy Protection” as follows:
“Emails that you receive may include hidden pixels that allow the email's sender to learn information about you. As soon as you open an email, information about your Mail activity can be collected by the sender without transparency and an ability to control what information is shared. Email senders can learn when and how many times you opened their email, whether you forwarded the email, your Internet Protocol (IP) address, and other data that can be used to build a profile of your behavior and learn your location.
If you choose to turn it on, Mail Privacy Protection helps protect your privacy by preventing email senders, including Apple, from learning information about your Mail activity. When you receive an email in the Mail app, rather than downloading remote content when you open an email, Mail Privacy Protection downloads remote content in the background by default - regardless of how you do or don't engage with the email. Apple does not learn any information about the content.
In addition, all remote content downloaded by Mail is routed through multiple proxy servers, preventing the sender from learning your IP address. Rather than share your IP address, which can allow the email sender to learn your location, Apple's proxy network will randomly assign an IP address that corresponds only to the region your device is in. As a result, email senders will only receive generic information rather than information about your behavior. Apple does not access your IP address.”
Other notable changes to privacy controls in iOS 15 include the introduction of "Privacy Dashboard" (a dashboard where users can view how apps use their data), "Private Relay" (an opt-in VPN-like service that obfuscates internet browsing history), and "Hide My Email" (an opt-in setting that allows users to generate and use fake email addresses when signing up through a site rather than using their real email addresses). iOS 15 will also start asking users for permission before enabling personalized ads by Apple, bringing Apple more in line with its own ATT framework.
Brands that engage in email marketing or rely on first party data through account registration should revisit their practices and evaluate the implications of iOS 15, in particular, Mail Privacy Protection and Hide My Email.
Questions? If you have questions about how the new iOS 15 privacy settings impact your advertising initiatives, or about any other privacy and data security matters, contact Frankfurt Kurnit Privacy & Data Security Group Chair Daniel M. Goldberg at (310) 579-9616 or email@example.com, or any other member of the firm’s Privacy & Data Security Group.
Other Privacy & Data Security Law Alerts
New York City Restricts Collection of Biometric Identifiers
Major US municipalities are lining up to regulate business use of technologies to collect biometric identifiers and information. For example, Portland, Oregon, banned the use of face recognition technologies earlier this year. Now, New York City businesses must comply with a new law too: Effective July 9, 2021, any commercial establishment in New York City that collects, retains, converts, stores or shares biometric identifier information of customers must disclose such activity using clear and conspicuous signage near all customer entrances. Read more.
July 7 2021
Business Takeaways from the FTC $5 Billion Settlement with Facebook
On July 24, 2019, the FTC announced a $5 billion settlement with Facebook to address Facebook’s alleged violations of the FTC Act and its 2012 consent order with the FTC. Read more.
July 26 2019
Are You Ready for the New York Cybersecurity Regulations’ September 3rd Deadline?
Financial institutions and insurance companies operating in New York have until September 3, 2018 to comply with the next phase of New York's Cybersecurity Regulations. Here's what you need to know to avoid regulatory scrutiny. Read more.
August 10 2018