Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
September 20th, 2021
iOS 15 Brings New Privacy Controls That Will Impact Advertising Initiatives
Today, after months in beta, Apple is releasing iOS 15 to the public. Building upon the Privacy Nutrition Labels and App Tracking Transparency (ATT) framework introduced in iOS 14.5 (discussed at length by us here), iOS 15 introduces new privacy controls that will impact brand marketing initiatives and the ad tech ecosystem. Although these controls are not an iOS 14.5-caliber seismic event, they are yet another example of how platform providers have become de facto regulators of privacy. Here are the key changes for advertisers.
The most notable change to privacy controls in iOS 15 is the introduction of “Mail Privacy Protection.” In sum, Mail Privacy Protection is a setting that prevents marketers from using background tracking technologies to understand how users interact with their emails. Unlike ATT, Mail Privacy Protection is off by default, and must be activated through Settings > Mail > Privacy Protection. Apple describes “Mail Privacy Protection” as follows:
“Emails that you receive may include hidden pixels that allow the email's sender to learn information about you. As soon as you open an email, information about your Mail activity can be collected by the sender without transparency and an ability to control what information is shared. Email senders can learn when and how many times you opened their email, whether you forwarded the email, your Internet Protocol (IP) address, and other data that can be used to build a profile of your behavior and learn your location.
If you choose to turn it on, Mail Privacy Protection helps protect your privacy by preventing email senders, including Apple, from learning information about your Mail activity. When you receive an email in the Mail app, rather than downloading remote content when you open an email, Mail Privacy Protection downloads remote content in the background by default - regardless of how you do or don't engage with the email. Apple does not learn any information about the content.
In addition, all remote content downloaded by Mail is routed through multiple proxy servers, preventing the sender from learning your IP address. Rather than share your IP address, which can allow the email sender to learn your location, Apple's proxy network will randomly assign an IP address that corresponds only to the region your device is in. As a result, email senders will only receive generic information rather than information about your behavior. Apple does not access your IP address.”
Other notable changes to privacy controls in iOS 15 include the introduction of "Privacy Dashboard" (a dashboard where users can view how apps use their data), "Private Relay" (an opt-in VPN-like service that obfuscates internet browsing history), and "Hide My Email" (an opt-in setting that allows users to generate and use fake email addresses when signing up through a site rather than using their real email addresses). iOS 15 will also start asking users for permission before enabling personalized ads by Apple, bringing Apple more in line with its own ATT framework.
Brands that engage in email marketing or rely on first party data through account registration should revisit their practices and evaluate the implications of iOS 15, in particular, Mail Privacy Protection and Hide My Email.
Questions? If you have questions about how the new iOS 15 privacy settings impact your advertising initiatives, or about any other privacy and data security matters, contact Frankfurt Kurnit Privacy & Data Security Group Chair Daniel M. Goldberg at (310) 579-9616 or dgoldberg@fkks.com, or any other member of the firm’s Privacy & Data Security Group.
Other Privacy & Data Security Law Alerts
Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules
On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.
August 1 2023
Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023
Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.
June 21 2023
Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape
Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.
April 24 2023