iOS14: Should both ATT prompt and GDPR consent be shown to collect first party data?

+2 votes

We were planning to not show the ATT prompt as the IDFA is irrelevant now and we rely on fingerprinting and 1st party data (emails). 

For the 1st party data, we were planning to collect opt-in consent as part of GDPR. 

I've seen the part below on Apple's site and I'm wondering if now we have to show both? Any advice would be more than welcome. 

From FAQ section here - https://developer.apple.com/app-store/user-privacy-and-data-use/

If I have not received permission from a user via the tracking permission prompt, can I use an identifier other than the IDFA (for example, a hashed email address or hashed phone number) to track that user?
No. You will need to receive the user’s permission through the AppTrackingTransparency framework to track that user.
by (140 points)

1 Answer

+1 vote
Keep in mind that ATT applies to advertising tracking. If you want to collect a user's email for the purposes of eg. internal analytics or promotion (like sending them a welcome email, or sending them a special offer) then you're really only bound by GDPR constraints. Exposing the user to a GDPR consent form is probably more of a necessity than exposing them to an ATT prompt: you can skip the ATT prompt altogether if you don't plan to collect data for the purposes of ad tracking.

Note that fingerprinting is not allowed under iOS14 guidelines if the user has not opted into ATT.
by (13.8k points)

Related questions

Ask a Question
Mobile Dev Memo Slack Team
Recent Mobile Dev Memo Posts