From the Office of the Privacy Commissioner of Canada:
An individual alleged that he was unnecessarily required to provide payment information and his date of birth for downloading a free application from the Apple Canada Inc. (“Apple”) website because of Apple’s requirements for creating an Apple ID.
Our investigation found that all customers must have an Apple ID to access online services, such as downloading applications. After discussing Apple`s requirements for creating an Apple ID, we accepted the organization’s argument that it must reliably authenticate, differentiate and verify its several million Canadian customers and that using a birth date for this purpose is an acceptable practice. However, after our discussions with Apple we noted that its privacy policy did not fully identify the purposes for which it collects personal information from users (specifically, Apple’s collection of date of birth information for the purposes of authentication). We raised this issue with Apple, and it subsequently agreed to revise its privacy policy. As a result, this aspect of the complaint was deemed well-founded and conditionally resolved, pending implementation of our recommendation.
With regard to the collection of financial information, Apple affirmed that there were online instructions in the website’s support section for users on how to download free applications without providing payment information. Apple further asserted that these instructions could be found by using the search term “credit card” in its website’s search engine.
Our Office’s technical analysis ─and our review of hundreds of comments posted by similar frustrated users in an Apple open forum─led to our view that Apple was not making information about its policies and practices concerning the collection of credit card information clearly and directly accessible to individuals at the relevant point in time (i.e., at user registration). We were concerned that Apple’s practices could result in the over-collection of sensitive payment information.
We deemed this aspect of the complaint to be well founded, and recommended that Apple clearly communicate to users that a form of payment is not required when registering for an Apple ID for the purpose of downloading a free application. We recommended that Apple could achieve this by adding the option of proceeding without the need to supply payment information at every point of registration. In response to our final report of findings, Apple agreed to our recommendation. In the end, we were very pleased with Apple’s commitment to users in agreeing to address the issues stemming from our investigation.