Apple sued for promising privacy, failing at it

Whatever you think, companies have to abide to the law. If there is a law that forbids them to gather data without permissions, or use them in a way beyond the permission obtained, they can't break them.

It tracking is OK for you, it's not for many other people who wish their data to be used **only** for the purpose they gave them to a company.

Moreover no company tracks you for the sake of it. Tracking is used to drive you to buy more of something - and the matter if it is 1st party or third party matters little. Services built on gathered data will be sold to others to target you in exchange of money.

"I simply wouldn't use them."

When they got a monopoly on many services it's not so simple to do without them. I can no longer access my bank if I have not a phone for 2FA - they no longer issue separate tokens. So when you have a dominant position in one market, and people are basically forced to use your products, you have to undergo even bigger scrutiny and laws can be enacted to avoid the position is exploited against users.

I agree that first-party data usage is less problematic than third-party data sharing, but that doesn't mean I agree with your acceptance. There's a reason that GDPR and similar legislation requires informed consent (and would actually matter if enforced). Just because I engage in a business relationship with you doesn't mean I know all the stuff you're planning to do with my data, and burying that information somewhere or waiting for someone to discover it later doesn't count as me agreeing to have it done.

There are a lot of cases where a company has a reason to collect a ton of information. I have, for example, engaged in a product testing situation where I was handed a prerelease device to attempt to use and all my reactions to the features and interactions with the device recorded for future analysis. This was supposed to help them improve confusing parts of the interface and judge what a specific user thought of the features they were going to make available. This was fine, because they told me that's what they were going to do. A company could equally well collect the data from users of the device after it's been sold, using the collected data to improve the next version, but it would be entirely unacceptable to collect anything like that without specifically informing the user of everything that was going to happen and getting consent for every part of it. Even if you don't share the information, you don't have the right to surveil everything I do for your own use.

If you want to collect ten types of information, then you need to ask ten times and you need to tell me what each type is and what you're using it for. In countries with satisfactory regulations, you should also be forbidden from denying me the service because I don't consent to the collection. If you want to share that information with others, then you have to ask ten more times for that part as well.

The issue is that Apple promise at every turn not to do so if you switch the collection/sharing off, not whether you are comfortable with it.

There is a clear line between data that is required for the functionality the user is expecting, and data that is collected for functionality "behind-the-scenes" that is of no direct benefit to the user.

For example, collecting name and address for a postage label is expected, and acceptable behaviour, collecting information about how long a particular user looked at an advert, and associating it with that user is of benefit only to the person thrusting their advertising in your face, be it Apple, or some other third party. Gathering advertising metrics that are used for statistical purposes and don't (and cannot) associate the "view" with a specific person are "acceptable", in that advertising is ever acceptable, but there is a clear difference.

GDPR has quite a lot to say about what is allowable when collecting data that has an element of personal identification to it, and just because Apple is a US company, doesn't make them (or anyone else) exempt from following the rules of other countries they operate within.

The onus lies on them to gain consent, which must be opt-in, not simply assume consent for activities which benefit them, and require the subject to opt out.

So, to answer your question, "When does the onus come on to the user to stop using something if they want privacy?" When the user decides they no longer wish to be opted in (which they will have explicitly chosen to do), then the onus is on them to opt out. At which point, the company must delete the data they have collected, and be able to demonstrate that they have done so. It is illegal to make the use of any service contingent on the collection of such data, if it is not essential to the purposes of that service, by the way.

Re: This is "normal" everywhere.

Duck Duck Go doesn't have all of this spyware crap, and they seem make money with their ads. When you use their search engine, they have your IP (which provides your city location) and your search term. That is all they need to serve relevant ads.

Re: This is "normal" everywhere.

I don't know why you got so many downvotes. You have described pretty accurately how all those advertisers operate. Many of them have an annoying pop-up where you have to "reject all" (the tiny greyed out text next to the massive green "Accept" button which is deceptive enough in itself), but I'm sure plenty don't do this and just vacuum up all that juicy tracking data.

This is, of course, not right, or acceptable, but the internet is full of predators.

You can protect yourself to a degree by using various browser plug-ins, a Pi-Hole and all that gubbins. The bad guys are wily, though.

I don’t have much of an issue with a company that doesn’t promise privacy to any extent whatsoever, using metrics in a legal fashion, within the context as laid out by common law.

I have an issue with it, if they don't get my consent first. And so does EU (and UK, for now) law.

Re: Advertising can not always be called "marketing fluff".

What's not so obvious is wether or not apple will still be considered "better than the others".

Re: Advertising can not always be called "marketing fluff".

"Apple will eventually lose but promise to do better next time"

Apple will just treat this as a marketing issue, change their advertising, and happily go on scooping up all the data they want.

I'm not sure how you can choose a product to buy, when the manufacturer has flat out lied about it's operation, and the only alternative is known to be worse anyway.

I just bought a Belkin brand "USB-C - USB-C Boost charging cable"

It has only two wires, no charge signalling wire. It is not even a usb-pd charge only cable.

It can only slow charge.

The manufacturer simply provided zero information about the product beyond it's name, so I had no way to know before buying it. Buying some usb-c sockets, and using a microscope and multimeter to find out why it doesn't work.

Luckily I can threaten the seller with wasting their staff's time in the small claims court, so I will get a refund.

Re: The Register trademark

Given Apple's reputed responsiveness towards journos from El Reg (or lack thereof), I think it's probably the latter, and deliberately so.

They will also have to claim that that data collection is proportionate and necessary to the operation of the app store, especially the aspect where it associates it with an identifiable individual.

Re: Yeah, but nah

If I post something on Facebook, or Twitter, I do so in the full expectation that what I am posting is public. This is not comparable in any way with silent tracking of activity and its collection and collation without the user's knowledge or consent.

Re: Find My Data (pun intended!)

Well that's how "find my" works. Your missing device connects through other people's devices.

So yes other people's devices are collecting data about your device and sharing it with Apple. But if you use that service then you authorize Apple to collect that data.

Here's a question though. Does the find my service still work through other people's devices if they have opted out of all of Apple's data collection and sharing services. And if it does what data does Apple collect about their devices and movements?

If the service just logs that the missing device was "seen" by a i-device at this location and this time, then fair enough. But if Apple record any data at all about that third party's device then they are breaking their own rules. Of course there's no need to log that data in order to track the missing device, but I wouldn't assume for a minute that means that they don't log that data. Too many tech companies in the past have been caught logging stuff they don't need to log, not necessarily through malice or even avarice but often through the employment of crap coders.

The marketing department would have to repurpose their cocaine budget to pay for compensation claims.

After a couple of multimillion dollar claims, there'd be barely anything left for the weekend.