A Day in the Life

of Your Data

A Father-Daughter Day at the Playground

April, 2021

“I believe people are smart and some people

want to share more data than other people do.

Ask them. Ask them every time. Make them

tell you to stop asking them if they get tired

of your asking them. Let them know precisely

what you’re going to do with their data.”

Steve Jobs

All Things Digital Conference, 2010

3

Over the past decade, a large and opaque industry has been amassing increasing amounts of personal data.1,2 A complex ecosystem of websites, apps, social media companies, data brokers, and ad tech firms track users online and offline, harvesting their personal data. This data is pieced together, shared, aggregated, and used in real-time auctions, fueling a $227 billion-a-year industry.1 This occurs every day, as people go about their daily lives, often without their knowledge or permission.3,4 Let’s take a look at what this industry is able to learn about a father and daughter during an otherwise pleasant day at the park. Did you know?

Trackers are embedded in

apps you use every day: the

average app has 6 trackers.3

The majority of popular Android

and iOS apps have embedded

trackers.5,6,7

Trackers are often embedded

in third-party code that helps

developers build their apps.

By including trackers, developers

also allow third parties to collect

and link data you have shared

with them across different apps

and with other data that has been

collected about you.

Data brokers collect and sell,

license, or otherwise disclose

to third parties the personal

information of particular individ-

uals with whom they do not have

a direct relationship.3

4

John plans a day at the park with his daughter

John and his 7-year-old daughter, Emma, are spending the day together. In the morning, John uses his computer to look up the weather, read the news, and check a map app on his smartphone for traffic conditions for a trip to the playground next to his daughter’s school. During the ride, there are 4 apps on his phone collecting and tracking their location data periodically in the background.16,17,18 After the data has been extracted from the device, app developers sell it to a host of obscure third-party data brokers that John has never heard of.16,17 Although the location data collected is claimed to be anonymous, user track- ing allows data brokers to match John’s location history from these apps with information collected from his use of other apps.16,19 This means information tracked across different apps and from multiple sources is available for any company or organization to purchase, and could be used to create a comprehensive profile about him that includes his precise day-to-day movements.3,16

Emma plays a game on the ride

to the park

On the ride to the playground, John lets his daugh- ter play a game on his tablet. When she opens the

app, she sees an ad for a scooter — and that was no accident. In the split second the app loaded, an auc- tion occurred for the ad space.14 Through intermedi- aries, the advertising companies working on behalf of the scooter company learned about the available ad.15 Then, using personal data collected about

John and Emma, they bid on the ad.15 The scooter

company’s advertising partners continue to collect information about John and Emma’s behavior after

seeing the ad, to determine if they clicked on it, or bought the scooter.3 And they will continue to

advertise the scooter in every way they can to John and Emma, following them across different apps

and websites on all of John’s devices.3,20,21

Hundreds of data brokers

harvest online and offline data.8

One broker collects data on 700

million consumers worldwide,

creating consumer profiles with

up to 5,000 characteristics.9

Every hour of every day, billions

of digital ads are shown to users

online.11,12,13 In the milliseconds

it takes an ad to load, a real-time

auction takes place, during which

advertisers bid on the ad space,

often relying on tracked personal

data about the individual14,15

A study found that in nearly 20%

of children’s apps, developers

collected and shared personally

identifiable information without

verifiable parental consent.10

85

Jones Family

$XX.XX

BUY

$60K

5

ALBUMS

John Jones

(202) 555 - 0114

A stop at the ice cream shop on the way home

On the way home, John and Emma stop for ice cream as a treat. John pays for the ice cream with a credit card, and more information is added to the compre- hensive data profile of his preferences: the location of the store and how much he spent.31.32.33 One of the apps that track John’s location is able to observe that John and Emma also stopped by a toy store.3 The information about where the family shopped during the day is passed along to data brokers, who combine it with the knowledge that he has a young child to pepper John’s devices with targeted ads for sugary treats and for the toy store they visited.17 John and Emma take a selfie

at the park

Later, at the playground, John and Emma

take a selfie. They play with a photo filter

app, settling on adding bunny ears to the

photo. The filtering app, however, is able

to access all the photos on the device

and the attached metadata, rather than

only the playground selfie.29,30 John

posts the picture on a social media

app. The app links John’s current online

activity to a trove of data collected by

other apps, such as his demographic

information and purchasing habits, using

an email address, a phone number or an

advertising identifier.3

Some apps request access to

more data than is required to

provide their service, such as a

keyboard app requesting precise

location access.5

Data brokers use the data they

harvest to assign attributes

to users and bucket them into

hyper-detailed market segments,

such as individuals who are

“trying to lose weight but still love

bakeries.”26 But these profiles are

often wrong: a study found that

over 40% of the attributes are

inaccurate.27,28

The exchange of information

can go to advertising networks,

advertising publishers, attribution

and measurement providers,

data brokers, other private com-

panies and even governmental

organizations.3,15,40,41,42 Social

media and ad tech companies

either face or have paid millions in

fines for using personal data for

purposes outside those they had

specified to the user at the time

of collection.22,23,24,25

011010

110110100

011*********

000********

111********

111*******

101100

6

At the end of the day, a number of companies John has never interacted with, all around the world, have updated their profiles with information about him and his daughter. These companies know the location of the family’s house, the park they visited, the news websites they read, the products they browsed, the ads they watched, their purchasing habits, and the stores they visited.3,34 This data was collected and tracked across multiple apps John and his daughter used throughout the day, as well as from other sources. John had no idea how much data was being collected throughout the day, didn’t always have control over it, and didn’t knowingly give permission for it to occur.3,4 As they search for a kid’s movie on an app in their smart TV to kick back for the evening, the cycle of tracking, exchanging data, auctioning, and re-targeting relentlessly continues.35,36

$60K

7

Apple’s privacy principles

Apple believes that privacy is a fundamental human right. We design our products and services guided by our four key privacy principles: Data Minimization

Collecting only the minimum

amount of data required to

deliver what you need for a

given service.

User Transparency and Control

Making sure that users know

what data is shared and how it is

used, and that they can exercise

control over it.

On-Device Processing

Processing data on the device,

wherever possible, rather than

sending it to Apple servers, to

protect user privacy and minimize

data collection.

Security

Hardware and software working

together to keep data secure.

Through those four principles, Apple’s goal has always been to let users share data as they wish, in a way that is safe, and that they understand and control. This is the reason why, for the last two decades, Apple has continuously innovat- ed to preserve user privacy through all of our products and services. For example, we employ on-device intelligence and other features to minimize the data that we collect in our apps, browsers, and online services, and we do not create a single comprehensive user data profile across all of our apps and services. To learn more about the privacy

features Apple has introduced,

and the work Apple is doing to

protect users’ privacy, visit

apple.com/privacy.

To learn more about how Safari

protects your privacy, read the

Safari White Paper.

To learn more about how Apple

protects your location data, read

the Location Services White

Paper.

8

Apple’s privacy features give John more transparency and control over his data

The story of John and Emma’s day illustrates the privacy problems and solutions we’re working on at Apple.

John plans a day at the park with his daughter

If John had used the Safari browser to check the weather on his computer, Intelligent Tracking Prevention would have prevented tracking of this activity by default. If John had used Apple News to read the news in the morning, Apple would have delivered John content based on his interests, without knowing who he is or learning what he read. If John had used Apple Maps to check the traffic, his location data would have been linked to a random identifier, which is regularly reset and not linked to John. As a result, no one but John would end up with knowledge of his location.

On an iPhone, John would be periodically reminded of which apps are accessing his location in the background. Before sharing location with an app, John could choose to only share his approx- imate location, or only share his location once.

Emma plays a game on the ride to the park

On an iPad, the upcoming App Tracking Transparency feature would give John a choice as to whether to allow the game to track Emma’s activity across apps and websites owned by other companies.

Ad networks that use Apple’s SKAdNetwork API would be able to measure the overall effectiveness of their ads without getting access to information that could be traced back to John’s device. John and Emma take a selfie at the park

On an iPhone, John would have had the choice to give the filter app access to only the selfie, instead of the entire photo library.

A stop at the ice cream shop on the way home

If John had bought the ice cream using Apple Card, his bank would not use his transaction information for marketing purposes. Had he used Apple Pay, Apple would have used on-device intelligence so that John could view his transaction history on his iPhone without Apple obtaining information about where he shopped, what he purchased, or how much he spent. At the end of the day, Apple products and privacy features can give John better transparency and control throughout the day over how much of his data is shared, and how it is used.

OFF

OFF

OFF

OFF

OFF

OFF

OFF

9

App Tracking Transparency and the new privacy

information section on the App Store

Apple is taking the next step to protect users’ privacy within the app ecosystem. As a com- plex and growing set of entities access, track, and monetize personal consumer data, Apple is introducing two new features aimed at providing users with increased transparency, visibility, and choice so that they can make informed choices and exert greater control over their privacy. Starting soon, with our next beta update, App

Tracking Transparency will require apps to get

the user’s permission before tracking their

data across apps or websites owned by other

companies. Under Settings, users will be able

to see which apps have requested permission

to track so they can make changes as they see

fit. This requirement will roll out broadly in early spring with an upcoming release of iOS 14, iPa-

dOS 14, and tvOS 14, and has already garnered

support from privacy advocates around the

world. In designing this feature, Apple sought to

give users more transparency and control while

continuing to enable advertising as an appro-

priate and viable means of supporting apps and

web content. The introduction of past features,

such as Safari Intelligent Tracking Prevention,

have shown that advertising can continue to

be successful while enhancing users’ privacy

protections. App Tracking Transparency allows

users to make more informed choices about the

apps they use and the permissions they grant

to those apps. With App Tracking Transparency,

users can now choose whether to allow apps

to track them. For apps that users trust and

provide permission to track, developers can

continue to do so.

In addition to requiring user permission for

tracking, Apple also recently introduced

changes to App Store product pages to

increase transparency. With the new App Pri-

vacy section, the App Store helps users better

understand some of an app’s privacy practices.

Each app’s product page is required to provide

users an easy-to-view summary of developers’

privacy practices. The details pages include

information on the types of data that the app

collects, such as photos, location, and contact

information. The pages also provide users with

additional details about how each kind of infor-

mation is used by the app developer, including

whether it is used for tracking, and whether the

data is linked to the user. All app developers,

including Apple, are required to self-report

information regarding their privacy practices.

The addition of app tracking settings and transparency and privacy information on App Store product pages empowers users to more easily learn how their personal data is used, shedding light on practices that were previously opaque and hidden, allowing them to take greater control of their data.

Apple will continue to develop innovative privacy technologies and work on new ways to keep your personal information safe.

10

A Day in the Life of an Ad

Ad Auctions

When Emma saw an ad for a scooter on John’s screen, it wasn’t an accident. Advertisers bid in an auction to show their ad on the device.37 Here is a simplified explanation of how, in a fraction of a second, the ad displayed on the device’s screen was picked: 1.

The developer of the app

Emma is using hires an ad

tech company that auctions

off their ad space in real

time.14

2.

When Emma opens the app,

the advertising network gath-

ers data from the use of John’s

device (for instance, which

app she’s using, her location,

and John’s advertising ID),

as well as from third-parties,

relying on John’s advertising

ID or other information that

enables tracking.3

3.

The advertising network shares

some of this information, in

particular the advertising ID, with

potential advertisers. Before

bidding, advertisers typically

try to learn as much as possible

about the user, from their own

data as well as from personal

data collected and aggregated

via tracking and profiling.3,15

4.

The more John and Emma’s

characteristics — that are

derived from their data —

align with the advertiser’s

target audience, the more

advertisers will bid for the

ad space.15,38

5

The winning bidder’s ad for

a scooter is displayed on the

device Emma is using.14

Because the ad auction process happens in a fraction of a second, both buyers and sellers collect, exchange and use personal data to bid for space and display ads.14,15

2x

BID

BID

BID

11

Ad Attribution

After its ad is shown to the user, the scooter company’s advertising companies are interested in measuring its effect on Emma’s behavior. This process is called ad attribution.

To do so, the advertiser tries to track behavior on the device Emma’s using, to collect information on what she does on the web, on apps, and even where she goes offline.

• If the ad is for a product, the advertiser could try to track whether the user later visited its website or physical store to purchase it.3

• If the ad was for an app, the advertiser would try to track whether she installed it. This is called app install attribution.39

Advertisers also use ad attribution to “optimize” their ad campaign towards groups for which the ad campaign is more effective.3

It doesn’t have to be that way. Advertisers can measure the impact of their ad campaigns toward groups without tracking users. Apple has been working on tools that do this while preserving user privacy:

SKAdNetwork lets advertisers know

how many times an app was installed

after ads for it were seen, so adver-

tisers can measure the impact of their

ad campaign. But this information

is designed not to share any user or

device-level data, so advertisers don’t

track users.

Private Click Measurement for apps in

iOS and iPadOS 14.5 allows advertisers to

measure the impact of ads that lead users

to a website while minimizing data col-

lection using on-device processing. After

a user clicks on an ad for a product in an

app, the web browser itself, using Private

Click Measurement can give advertisers

information that a user clicked on their

ad, and that it led to a certain outcome on

their website, such as a visit or a purchase

— without giving them information about

who specifically clicked on the ad.

12

Frequently Asked Questions

Will I still be able to use the app’s full capabilities if I select “Ask App not to Track”? Yes. App developers cannot require you to permit tracking in order to use the app’s full capabilities. What are identifiers and how are they used?

Identifiers such as the Identifier For Advertisers (IDFA) and email address help identify a specific de- vice across a network. They also allow advertisers to create a detailed profile of your activity across different apps or websites when they see your device identifier and associate your activity with it. What is the Identifier For Advertisers (IDFA)?

The Identifier For Advertisers (IDFA) is a user-controllable identifier assigned by iOS to each de- vice. As a software-based identifier rather than one that is tied to the hardware itself, the IDFA can be blocked for a particular app by the user via the App Tracking Transparency prompt. This gives the user control over IDFA-based tracking.

Can Apple guarantee that an app isn’t tracking me if I select “Ask App not to Track”? If you select “Ask App not to Track,” the developer will not be able to access the identifier for advertisers (IDFA), which is often used to track. The app developer is also required to respect your choice beyond the advertising identifier. This is required by the policies the developer agrees to when submitting their app for distribution on the App Store — if we learn that a developer is track- ing users who ask not to be tracked, we will require that they update their practices to respect your choice, or their app may be rejected from the App Store. If I use my social media account to sign into an app, can the social media company track what I do in that app?

This depends on whether you’ve given the app permission to track you. If you select “Ask App not to Track,” then the app should not engage in tracking you across other companies’ apps or websites for advertising, or share your information with a data broker. That means they should not provide your information to the social media company if it will be used for that purpose. How does Apple ensure the privacy information on App Store product pages is accurate?

Similar to how Age Ratings work on the App Store, developers report their own privacy practices. If we learn that a developer may have provided inaccurate information, we will work with them to ensure the accuracy of the information.

What is a data broker?

In general, a data broker is a company that regularly collects and sells, licenses, or otherwise discloses to third parties the personal information of particular end-users with whom the business does not have a direct relationship. Data brokers are defined by law in some jurisdictions. 13

1. Gröne, Florian, Pierre Péladeau, et al., “Tomorrow’s data heroes,” Strategy+Business, February 19, 2019.

2. Reinsel, David, John Gantz, et al., “The Digitization of the World: From Edge to Core,” IDC, November 2018. 3. Competition & Markets Authority, “Online platforms and digital advertising,” July 1, 2020.

4. Hitlin, Paul, and Lee Rainie, “Facebook Algorithms and Personal Data,” Pew Research Center, January 16, 2019. 5. AppCensus, “1,000 Mobile Apps in Australia: A Report for the ACCC,” September 24, 2020.

6. Binns, Reuben, Ulrik Lyngs, et al., “Third Party Tracking in the Mobile Ecosystem,” Proceedings of the 10th ACM Conference on Web Science, 2018, pp. 23-31.

7. MightySignal, “Most Used SDKs in Top 200 Free iOS Apps,” mightysignal.com/top-ios-sdks.

8. State of California Department of Justice, “Data Broker Registry,” oag.ca.gov/data-brokers.

9. Acxiom Corporation, 2018 Form 10-K, filed

May 25, 2018, www.sec.gov/Archives/edgar/

data/733269/000073326918000016/a2018q410k.htm.

10. Reyes, Irwin, Primal Wijesekera, et al., “‘Won’t Somebody Think of the Children?’ Examining COPPA

Compliance at Scale,” Proceedings on Privacy Enhancing Technologies, Vol. 2018, No. 3, 2018, pp. 63-83.

11. Edwards, Jim, “Here’s The Staggering Number of Ads Facebook Serves On Its Exchange Every Day,” Business Insider, November 9, 2012.

12. Kim, Larry, “How Many Ads Does Google Serve In A Day?,” Business 2 Community, November 2, 2012.

13. Deighton, John, and Leora Kornfeld, “The Socioeco- nomic Impact of Internet Tracking,” Interactive Advertising Bureau, February 2020.

14. Hwang, Tim, Subprime Attention Crisis: Advertising and the Time Bomb at the Heart of the Internet, FSG Origi- nals, October 13, 2020.

15. Australian Competition and Consumer Commission,

“Digital advertising services inquiry - Interim report,” December 2020.

16. Thompson, Stuart A., and Charlie Warzel, “Twelve Million Phones, One Dataset, Zero Privacy,” The New York Times, December 19, 2019.

17. Nanos, Janelle, “Every step you take: How companies use geolocation data to target you – and everyone around – in ways you’re not even aware of,” The Boston Globe, July 21, 2018.

18. Vitaldevara, Krish, “Safer and More Transparent Access to User Location,” Android Developers Blog, February 19, 2020.

19. Schechner, Sam, and Mark Secada, “You Give Apps Sensitive Personal Information. Then They Tell Facebook,” The Wall Street Journal, February 22, 2019.

20. Facebook for Business, “Measuring Conversions on Facebook, Across Devices and in Mobile Apps,” August 14, 2014.

21. Bender, Brad, “New digital innovations to close the loop for advertisers,” Google Ads & Commerce Blog, September 26, 2016.

Sources

22. Federal Trade Commission, “FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Face- book,” July 24, 2019.

23. Chin, Kimberly, “Twitter Could Pay FTC Fine Over Al- leged Privacy Violations,” The Wall Street Journal, August 3, 2020.

24. Satariano, Adam, “Google Is Fined $57 Million Under Europe’s Data Privacy Law,” The New York Times, January 21, 2019.

25. Schiffer, Zoe, “Period tracking app settles charges it lied to users about privacy,” The Verge, January 13, 2021. 26. Thompson, Stuart A., “These Ads Think They Know You,” The New York Times, April 30, 2019.

27. Venkatadri, Giridhari, Piotr Sapiezynski, et al., “Auditing Offline Data Brokers via Facebook’s Advertising Platform,” The World Wide Web Conference, 2019, pp. 1920-1930. 28. Leetaru, Kalev, “The Data Brokers So Powerful Even Facebook Bought Their Data - But They Got Me Wildly Wrong,” Forbes, April 5, 2018.

29. Grothaus, Michael, “The top 7 iOS 14 privacy features: What you need to know,” Fast Company, September 16, 2020.

30. Germain, Thomas, “How a Photo’s Hidden ‘Exif’ Data Exposes Your Personal Information,” Consumer Reports, December 6, 2019.

31. Helm, Burt, “Credit card companies are tracking shop- pers like never before: Inside the next phase of surveillance capitalism,” Fast Company, May 12, 2020.

32. Ramirez, Edith, Julie Brill, et al., “Data Brokers: A Call for Transparency and Accountability,” Federal Trade Com- mission, May 2014.

33. Oracle, “12 Must-Ask Questions to Separate Fact from Fiction,” www.oracle.com/a/ocom/docs/idg-12-must-ask- questions-for-identity-vendors.pdf.

34. Hern, Alex, “‘Anonymous’ browsing data can be easily exposed, researchers reveal,” The Guardian, August 1, 2017.

35. Fowler, Geoffrey A., “You watch TV. Your TV watches back,” The Washington Post, September 18, 2019.

36. X-Mode, “Data Licensing,” xmode.io/data-licensing/. 37. If the user age associated with the Apple ID registered to a device is under 18, IDFA access is disabled by default, and cannot be granted to any developer.

38. Google Ads Help, “About Smart Bidding,” support. google.com/google-ads/answer/7065882?hl=en.

39. Litfin, Marne, “What is Mobile ad attribution? An intro- duction to app tracking,” Adjust, February 4, 2019. 40. Cox, Joseph, “The IRS Is Being Investigated for Using Location Data Without a Warrant,” Vice, October 6, 2020. 41. Cox, Joseph, “How the U.S. Military Buys Location Data from Ordinary Apps,” Vice, November 16, 2020.

42. Cox, Joseph, “CBP Bought ‘Global’ Location Data from Weather and Game Apps,” Vice, October 6, 2020.

Contact this candidate