France's data protection authority (CNIL) has fined Apple €8,000,000 ($8.5M) for collecting user data for targeted advertising on the App Store without requesting or securing the user's consent.
This practice is considered a violation of Article 82 of the French Data Protection Act (DPA), a national directive that aligns with the GDPR (General Data Protection Regulation), which is applicable across Europe.
Article 82 of the French DPA requires that "any action through which an electronic communication service accesses or enter information in a user's terminal equipment (such as the storage of cookies) requires the user's consent."
This is the
same article that Facebook and Google violated in the past by making it hard for their website visitors to find the option to reject tracking cookies, for which CNIL fined Facebook and Google €60,000,000 ($68M) and €150,000,000 ($170M) respectively.
