Apple Privacy Controls: FAQ

Apple is preparing to roll out new privacy controls in the early spring. The FAQs below are designed to assist you in understanding these changes and to proactively prepare for them.

1. When will Apple require the use of an opt-in to access the Identifier for Advertisers (IDFA), and will this be an immediate roll out or a phased approach?


Apple always starts by releasing a beta version, and the beta version of the next update to iOS 14 has already been released. That beta is the first version with the change for IDFA. App developers do not have access to IDFA for this small minority of users until they opt-in. The full release will take place in the Spring. People do have to take action to upgrade, so there is a ramp-up period, and the time it's taken for previous upgrades is a good proxy for how long this one will take.

2. Will there be restrictions to the use of identifiers to communicate to consumers directly in an advertiser or publisher’s own app and/or via push notifications, emails, and personalized landing pages when the data was collected previously and/or outside of iOS, such as an email address from a consented consumer?

This is not intended to have an impact on 1st party data and existing relationships. The intent is to address concerns when cross-company information is shared without customer permission, awareness, and transparency.

In addition to the IDFA, Apple offers Identifier for Vendors (IDFV). This is an identifier that can be used across all apps owned by the same company. There is no restriction to the use of IDFV to share information between those apps. 

It does have an impact when you are then taking that IDFA, or some other identifier, and using it to pass information to another company that is not a subsidiary to target people off Apple’s properties, then you need to get the users permission first.

Push messages, personalized landing pages, and email to pre-existing customers are all unaffected.


3. How will Apple monitor and enforce restrictions, and will they identify certain SDKs as non-compliant, and if so, will this jeopardize removal from the AppStore?

Just like a website, the owner is responsible for all code within their environment, so app developers are responsible for 3rd party SDKs within their apps. If the app review team determines there is a violation, they will reach out to resolve this, so the tracking is no longer happening.

The intent is to get apps in compliance. Apple doesn’t want to kick apps out of the ecosystem as that’s not good for the end-user experience.


4. What latitude do developers have to tailor the appearance and wording of the consent to their app’s business model? Can we communicate in-app to inform consumers of the benefits of providing consent?

There are several touchpoints where developers can communicate. First, developers control when they prompt the prompt and don’t gain access to the IDFA until doing so. They can set the stage for what they’re doing in advance, as long as it's not deceptive, and then prompt the prompt. In the prompt itself, there is a purpose string where they can say whatever they want to describe their purpose in a sentence, such as “we’re using this as a means to show you more relative personalized advertising”.

You control what happens before the prompt, and you can use site, sound, and motion storytelling to create a good user experience before the prompt hits, and you are welcome to use other channels (blog, site, etc) to describe in detail what your doing, how you are protecting data, and what relationships you have with 3rd parties.

5. Is there an option for consumers to change their preferences after their initial opt-in or opt-out response? Can apps owners prompt consumers to consider changing, and if so how?

Yes. This is a system prompt and designed to consistently align with many other purposes (like contacts, photos, etc) and enables users to go into settings and change their minds. While the prompt can only be popped once, developers have the ability, within taste and reason, to describe in the experience how users can go into settings themselves and make changes.

6. In cases where a consumer opts out, will Apple consider integrations with reputable privacy-shield certified vendors to assist brands with personalized consumer experiences such as cross channel orchestration and message relevancy at an anonymized individual or cohort level?

Apple doesn’t appear to have any current plans to do so. They have recently announced the support for view-through attribution, including video, and applying private click measurement which gives their privacy-preserving ad attribution API through safari across the app to web experience within SKAdNetwork which is designed to help advertisers measure the success of ad campaigns while maintaining user privacy.

7. As brands with broad consumer engagement points (including multiple apps) work toward brand-wide explicit consent frameworks, how does Apple plan to integrate with, support, and manage a positive customer experience for the consumer so that they are not forced to update/add/delete their various devices and channels?

There is no impact within a suite of owned properties. This can be done without popping the prompt other than the change to use the IDFV for this kind of activity. The restriction of the policy comes into play when providing identity and data to other companies. Anything shared for security or fraud on your behalf doesn’t need the prompt. This is targeted at advertising use cases and data brokerage.