Apps must ask for your explicit permission before tracking your activity across other apps and websites for advertising purposes, and cannot penalize you or offer you fewer features if you decline.
This analysis describes what Apple's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a consent gate that users must pass through before cross-app and cross-website behavioral tracking for advertising can occur, and prohibits retaliatory restriction of app functionality for users who decline.
Consumers are required to receive an explicit opt-in prompt before an app may track their activity across other apps or websites for advertising or measurement purposes; declining this prompt is expressly protected from adverse app functionality consequences under the guidelines.
How other platforms handle this
Only to the extent Customer cannot reasonably be satisfied with Mistral AI's compliance with this DPA through the exercise of the audit set out in Section 9.1 (Document Audit) of this DPA, Customer may conduct up to one (1) on-site audit per year to verify Mistral AI's compliance with this DPA, unde...
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
We use cookies and similar tracking technologies to track the activity on our websites and services and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze our services. You can instruct your browser to ...
Monitoring
Apple has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Apps that use device data from third-party apps and websites to target ads or to measure advertising campaign effectiveness must request permission to track using the App Tracking Transparency framework. Apps must not track users who have not granted permission to be tracked. Apps must not offer different functionality or content in response to a user's decision to not allow tracking.— Excerpt from Apple's Apple App Store Review Guidelines
REGULATORY LANDSCAPE: The AppTrackingTransparency requirement engages with GDPR consent requirements (enforced by EU data protection authorities, particularly regarding behavioral advertising and the legal basis of consent), ePrivacy Directive obligations, and CCPA opt-out rights. The FTC has examined behavioral advertising consent practices under the FTC Act. The guidelines prohibit apps from conditioning functionality on tracking consent, which aligns with GDPR requirements that consent be freely given. GOVERNANCE EXPOSURE: High. Developers using advertising SDKs or measurement tools that collect cross-app or cross-website behavioral data must implement ATT prompts and cannot gate core functionality behind tracking consent. Non-compliance exposes developers to App Store rejection and potential regulatory enforcement, particularly in the EU where GDPR consent requirements for behavioral advertising are actively enforced. JURISDICTION FLAGS: EU developers must ensure ATT implementation satisfies GDPR consent standards, including that the consent request is specific, informed, and freely given. California developers should assess whether ATT consent also satisfies CCPA opt-out obligations or whether supplemental mechanisms are needed. CONTRACT AND VENDOR IMPLICATIONS: Advertising and measurement SDK vendors integrated into apps must operate within ATT permissions. Vendor contracts should address what happens when users decline tracking, including data minimization obligations and audit rights over vendor data processing. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that ATT prompt language accurately describes the tracking purpose, that tracking does not begin before permission is granted, and that app functionality does not degrade for users who decline. SDK audit processes should confirm that embedded advertising tools respect ATT permissions and do not employ alternative tracking methods that circumvent the consent requirement.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a consent gate that users must pass through before cross-app and cross-website behavioral tracking for advertising can occur, and prohibits retaliatory restriction of app functionality for users who decline.
Consumers are required to receive an explicit opt-in prompt before an app may track their activity across other apps or websites for advertising or measurement purposes; declining this prompt is expressly protected from adverse app functionality consequences under the guidelines.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Apple.