France’s CNIL has fined Apple $8.5 million for collecting iPhone user data without obtaining prior consent.

Apple has tried to position itself as a privacy-first company, often highlighting the difference between it and Google or Meta. A major part of that marketing is making the case that Apple doesn’t want, need, or care about user data. Unfortunately, the reality isn’t quite matching up to the hype.

The CNIL has fined Apple for collecting data from iPhone users that it then used for targeted ads, all without obtaining prior consent from the users. According to the regulatory agency, the Cupertino company did not get “the consent of French iPhone users (iOS version 14.6) before depositing and/or writing identifiers used for advertising purposes on their terminals.”

What’s more, the CNIL says Apple make it unnecessarily difficult for individuals to deactivate the data collection, especially since the option was not available during initial setup.

The fine is unusual for Apple, given the company’s well-cultivated reputation, but it does illustrate a growing disparity between Apple’s image and reality. Apple has previously been accused of being the primary beneficiary of its privacy crackdown, while other companies have been significantly harmed.

Similarly, Apple has been accused of turning a blind eye to companies that have used loopholes to bypass the iOS App Tracking Transparency feature, continuing to track users against their wishes.

If Apple wants to continue to maintain its reputation as a privacy-first company, it clearly has work to do in order to live up to its own marketing hype.