Schedule a demo
Login to console
iphone with ATT Pop-up
  • Personal Data

  • Ad Tech

Apple, IDFA & the GDPR: What does this mean for advertisers?

May 27, 2021 by Amy Arnell

Apple’s IDFA announcement is a big change for the digital advertising industry, but not necessarily a surprising one. The reason behind it? Apple’s “privacy-first” business model that privileges user data rights. However, one thing is important to note. Apple’s ATT framework does not act as a replacement for a Consent Management Platform. Carry on reading to find out more. 

 

Summary: 

 

 


 

An introduction to IDFA

 

IDFA (Identifier for Advertisers) is a unique identifier for mobile devices. It is used to target and measure the effectiveness of advertising on a user level across mobile devices. 

 

As part of the iOS 14 update, Apple announced that users are able to block the IDFA identifier at the app level. This is known as the AppTrackingTransparency (ATT) framework. Ultimately, it means that apps will be required to ask users for permission to collect and share their data.

 

Instead of having to go into their settings to change their app-tracking preferences, users will now receive a pop-up from the app. 

 

If they choose “Ask App Not to Track”, the app developer can’t access the system advertising identifier (IDFA). The app is also not permitted to track user activity using other information that identifies the user or their device, like their email address.

 

Mockup of the Apple ATT pop-up 

 

Why has Apple implemented this change? 

This is a big change for the industry, but not necessarily a surprising one. 

 

Apple is a brand that has taken both the public and strategic stance that privacy is a fundamental right. Both its business plan and its product roadmap follow a “trustworthy-by-design”, “privacy-first” model. 

 

We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in.” - Apple 

 

Why? It’s a question of ethics, but it’s also a question of revenue. 

 

Some 80% of consumers believe that transparency is important for trusting a company or brand. And, over one-third of consumers are prepared to pay more for a product or service to ensure that their personal data remains private. 

 

Good privacy sells, and bad privacy repels. In the internet age, trust is the single most important driver of success in business.  

 

 

Moreover, Apple is not the only company to have recognised the importance of user consent as a KPI to follow. Android has also recently announced a similar system for app tracking, named ADD. 

 

So, change is imminent. But what exactly does this mean for advertisers? 

 

What does Apple’s iOS 14 update mean for advertisers? 

 

The impact that this will have on the digital advertising ecosystem should not be underestimated. 

 

Currently, about 70% of iOS users share their IDFA with app publishers. After this change, it’s estimated that this number may drop to 10% to 15%.

 

If a user refuses tracking on the ATT, they are essentially anonymous. Therefore, advertisers are no longer able to use their ID for personalised, targeted advertising. 

 

Depending on opt-in rates, this presents a major challenge for advertising targeting algorithms. If almost no one agrees to be tracked under Apple’s new opt-in system, advertisers will be left with very little iPhone, iPad, and Apple TV data to use for ad targeting. 

 

In summary, advertisers are likely to see a drop in targetable audiences.

 

Within this context, how can advertisers ensure that the personalised advertising, retargeting, conversion measurements and AB testing they carry out is 100% compliant, both with Apple’s ATT framework, but also with international data regulation? 

 

This is where Didomi steps in. 

 

Do you still need a consent management solution? 

 

One thing to note is that Apple’s ATT is not a replacement consent management solution

 

To be fully compliant with both Apple and GDPR requirements, you must ask for the user permission through ATT and ask for user consent through the CMP. 

 

While Apple's consent notice and Consent Management Platforms address similar themes regarding data privacy and user choice, they tackle very different aspects of this issue. Apple's consent notice focuses on tracking, location, camera use and IDFA. CMPs manage purposes, data sharing options, partners who can access your data, and cookies, for example.

 

In summary, ATT must be used in conjunction with the Didomi CMP

 

Discover our CMP

 

Does Didomi use IDFA? 

Didomi does not use IDFA and does not need ATT in order to work. Didomi uses its own random user ID that is specific to every app that the SDK is embedded in. This ID is not used for any user tracking and is only used for the purpose of consent management. 

 

What is the user journey? 

Therefore, app developers have two options:  

1 - Ask permission via ATT and then collect consent from the CMP if and only if the user has given permission via ATT.
2 - Collect consent from the CMP, and then ask for permission via ATT. 

 

Unfortunately, both options require two levels of choice for consenting users (CMP and ATT). This is not necessarily optimal user experience, but it does allow the user to have full knowledge and granularity of choice over the use of their personal data. This was Apple’s goal, and is a cause in which Didomi believes strongly.  

 

If the user selects “I accept” on the CMP, you will still be able to manage their consent, track consent, and ensure IAB compliance. Didomi will give you the assurance that you are collecting as much data as legally possible, and monetizing it in a compliant manner. 

 

The advent of iOS 14 and the ATT framework will send shockwaves throughout the industry, and it’s important to prepare for a certain amount of change. However, in this constantly evolving ecosystem, it seems like this is not the last time the AdTech industry will have to adapt. 

 

Didomi is here to make sure you are compliant with GDPR, CPRA and other data regulation. However, we are also here to make sure you boost your consent rate as much as possible, and make the most out of the data you are able to collect. Our guarantee is compliance, but our mission is performance. 

 

Contact us if you have any questions regarding the IDFA, or for more information on our bespoke Consent Management Platform

 

Schedule a demo

 

Related articles