Comment by d1zzy
6 years ago
> Except it does not affect Google, because Google has this install ID to use both for tracking and preventing ad-fraud.
So when Apple releases a privacy feature, that doesn't affect them as a business, we praise the feature or we say "except it doesn't affect Apple" and somehow try to argue how the feature is less valuable because of that?
Of course we'd say "except it doesn't affect Apple"...
If there's a privacy gap, (and Apple is actively exploiting that gap)
When Apple patches it, (while leaving it open for themselves)
They'll get called out.
Apple is not engaged in illegal data harvesting to gain a competitive advantage over other services in the same space. Google's collection of personal data with the x-client-data header without user consent is illegal under GDPR.
This relies on the (unfounded) assumption that this pseudonymous ID is being used for tracking purposes and that Google is actively lying about it.
GDPR treats an IP address as personal data. The data is not transmitted through an anonymizing network, so Google has access to the user's IP address when they receive the data.
Anything that is associated with personal data also becomes personal information, therefore Google is transmitting personal data without user consent, which is illegal.
Asking for consent is not required under GDPR when the data collection is needed for a service to function. This is not the case here, Google services function without receiving that header, the data is used by Google to gain a technical advantage over other web services.
12 replies →