Italy Fines Apple €98.6 Million Over App Tracking Transparency Abuse

Key Takeaways

• €98.6 Million Abuse of Dominance Fine: The Italian Competition Authority fined Apple €98,635,416.67 abusing its dominant position in the iOS app distribution market under Article 102 TFEU.
• ATT Policy Deemed Anti-Competitive: Regulators found that Apple’s App Tracking Transparency framework imposed disproportionate and unilateral conditions on third-party developers, restricting competition.
• Double Consent Harms Advertising Models: The requirement for developers to obtain user consent twice for the same advertising purpose reduced consent rates and harmed developers, advertisers, and ad intermediaries, with smaller players hit hardest.
• Privacy Goals Could Be Met with Fewer Restrictions: The Authority concluded that Apple could have achieved the same level of user privacy protection through less restrictive means, such as a single-step consent process.
• Self-Preferencing Concerns Identified: The decision notes that Apple’s own advertising services are not subject to the same constraints, potentially benefiting from higher App Store commissions and increased ad revenues.

Deep Dive

The Italian Competition Authority has fined Apple more than €98.6 million for abusing its dominant position through the design and implementation of its App Tracking Transparency policy, marking a significant competition-law ruling at the intersection of privacy and digital advertising.

In a decision published under case number A561, the Authority concluded that Apple breached Article 102 of the Treaty on the Functioning of the European Union by imposing disproportionate and restrictive conditions on third-party app developers operating within the iOS ecosystem. The €98,635,416.67 penalty was levied jointly against Apple Inc., Apple Distribution International, and Apple Italia.

At the heart of the case is Apple’s App Tracking Transparency framework, introduced in April 2021, which requires iOS users to explicitly consent before apps can track their activity across other apps and websites for advertising purposes. While the Authority stressed that it does not challenge Apple’s right to strengthen user privacy protections, it found that the way ATT was implemented distorted competition in the market for app distribution to iOS users, where Apple holds what regulators described as an “absolute” or “super-dominant” position through the App Store.

According to the Authority, third-party developers are forced to display Apple’s ATT consent prompt, which does not itself satisfy the full consent requirements imposed on developers under privacy law. As a result, developers must present a second, separate consent request of their own to lawfully collect and link user data for advertising. This “double consent” mechanism, regulators found, is imposed unilaterally by Apple, harms developers’ commercial interests, and is disproportionate to Apple’s stated privacy objectives.

The investigation, which began in May 2023 and was expanded in October 2024, was conducted in coordination with the European Commission, other national competition authorities, and Italy’s data protection regulator. In an opinion delivered in August 2025, the Italian data protection authority indicated that equivalent levels of user privacy could have been achieved without forcing developers to seek consent twice for the same advertising purpose.

From a competition perspective, the Authority found that the additional friction created by the double consent process led to lower consent rates for advertising profiling within the iOS environment. Because user data are a critical input for targeted advertising, this reduction in consent directly constrained developers’ ability to monetize through ads, particularly affecting smaller operators with more limited data resources. The investigation also found concrete market effects, including reduced revenues for developers and advertising platforms and increased costs for advertisers.

Regulators further concluded that Apple’s approach went beyond what was necessary to protect users and instead imposed excessive burdens on third-party developers, in violation of the EU principle of proportionality. The Authority noted that developers were not consulted prior to the introduction of ATT and had no meaningful ability to negotiate or influence the rules governing access to the App Store.

The decision also highlights concerns about self-preferencing. While third-party developers and advertising intermediaries are subject to the stricter ATT regime, Apple’s own advertising services are not bound by the same constraints. The Authority found that this asymmetry likely generated financial benefits for Apple, both through higher App Store commissions and through growth in its own advertising business.

The infringement was classified as an exploitative abuse under Article 102(a) TFEU and was found to have begun in April 2021 and to be ongoing. While the ruling does not call into question Apple’s broader privacy strategy, it draws a clear line between legitimate privacy safeguards and measures that unnecessarily restrict competition in markets where a single firm controls access.

The case adds to mounting scrutiny across Europe of how dominant digital platforms balance privacy, competition, and their own commercial interests, particularly as enforcement bodies increasingly examine whether privacy-driven design choices can also function as competitive restraints.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.