Apple has been hit with a pair of complaints over its Identifier for Advertisers (IDFA) from European commercial privacy not-for-profit NOYB.

The IDFA enables advertisers to track users via unique device ID numbers for better ad targeting. However, NOYB argues that, because tracking codes are placed on devices without consent, they are in breach of EU law.

“EU law protects our devices from external tracking,” said Stefano Rossetti, Privacy Lawyer at NOYB. “Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used. While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws.”

NOYB also acknowledges Apple’s plans to restrict the use of IDFA for third parties but says this doesn’t go far enough, as Apple will not impose the same restrictions on itself. Under the plans, a dialogue box will appear when first opening an app to ask for access to the IDFA. At the same time, the initial storage of the IDFA and Apple’s use of it will continue without prior user consent.

“We believe that Apple violated the law before, now and after these changes,” said Rosseti. “With our complaints we want to enforce a simple principle: trackers are illegal, unless a user freely consents. The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default.”

NOYB’s complaints have been filed in both Spain and Germany under Article 5(3) of the e-Privacy Directive rather than under GDPR, meaning the authorities in both nations do not need to cooperate with the EU.

NOYB is currently also reviewing a similar tracking system being used by Google.