This most recent fine reflects an increasing skepticism in the EU around the competition impacts from Apple’s claims of its superior privacy and security features
The AdC fined Apple €150m for harming third-party developers through its App Tracking Transparency framework
On 31 March 2025, the French competition authority, the Autorité de la concurrence (AdC), announced a €150m (£125m) fine against Apple for anticompetitive behaviour in the implementation of its App Tracking Transparency (ATT) framework. The decision concludes an antitrust investigation launched in March 2021 by the regulator, which predated the release of the ATT scheme in April 2021 but responded to pre-emptive complaints filed by several associations representing firms in online advertising. The AdC clarified that the ATT framework is not inherently anticompetitive but instead was designed to introduce unnecessary complexity for users and additional friction for third-party apps, which combined to advantage Apple’s own apps and disadvantage third-party developers. Apple is currently facing a similar investigation by the Bundeskartellamt in Germany, in which the competition authority has issued provisional findings similar to those of the AdC, stating that Apple has hindered competition by creating a biased system for third parties to access and use user data.
The regulator found that the ATT system was both unnecessary for meeting regulatory obligations and burdensome for consumers
While the AdC acknowledges that Apple may have acted on a legitimate commercial interest in enhancing user privacy through the creation of the ATT framework, the firm failed to reconcile this objective with its dominant position in the market, resulting in an abuse of power that harmed competitors. Specifically, the ATT system requires that users consent multiple times to the collection and use of their personal data for advertising purposes when using third-party apps downloaded from the Apple App Store and installed within the iOS ecosystem. In its decision, the regulator first established that the ATT system is unnecessary for meeting obligations under privacy regulations and therefore is not a case of balancing competing public policy objectives. According to the AdC, the consent collected through the iOS-generated prompts does not meet GDPR compliance standards imposed on third-party developers, and these developers must therefore collect and manage consent from users separately. Additionally, the ATT system requires users to consent twice to allow for the collection of their data, but decline only once to prevent it. As such, users of third-party apps are presented with repeated consent screens that the AdC stated undermined the informed nature of a user’s consent and created a needlessly complex pathway for users.
Apple provided its proprietary services with preferential treatment, only requiring users to navigate through one consent screen
In addition to added friction for collecting consent in third-party services, Apple was found to give its own apps and sites preferential treatment in how it manages consent for data use. Prior to the release of iOS 15 in September 2021, Apple failed to obtain any data collection consent from French users of its proprietary services, for which CNIL, the French data protection authority, fined the firm €8m (£6.9m) in 2022. Following the release of iOS 15 and the creation of a consent prompt in Apple services, however, the AdC found that the firm continued to require users to consent only once to data use by its proprietary services as compared to the double consent required of third parties subject to the ATT framework. Though Apple is now in compliance with privacy obligations, the AdC found that Apple’s self-preferential treatment amounted to an abuse of its dominance in the market for distribution of mobile applications.
While Apple continues to highlight its privacy offerings, the EU appears increasingly skeptical of the competition impacts of the closed ecosystem that enables them
The AdC was particularly concerned with the harms experienced by smaller publishers that rely on third-party data collection to finance their operations. Unlike some larger and vertically integrated competitors, these publishers tend to lack sufficient proprietary data to target consumers without cookies or an Identifier for Advertisers (IDFA) marker enabled by the ATT system. In response to the decision, Apple stated that its “[consent] prompt is consistent for all developers, including Apple,” denying preferential treatment for its own services. The firm also emphasised that the ATT framework is supported by “consumers, privacy advocates, and data protection authorities around the world,” in contrast to the AdC’s discussion of how the tool fails to meet privacy regulation standards. Having long aimed to compete on the strength of its privacy and security features, Apple has been the subject of increasing scrutiny around the limitations it places on third-party features within its ecosystem. In March 2025, the EC issued its decision in a specification proceeding conducted with the firm under the Digital Markets Act (DMA), requiring Apple to open up interoperability to nine features in its mobile ecosystem. As the EU broadly reassesses its reliance on US-based tech firms, Apple’s claims of superior privacy and security appear less important for regulators investigating its conduct in the context of competition.