The Monopoly Report

Episode 55: A Truly EPIC Discussion About Apple ATT

Host: Alan Chapell
Guest: Alan Butler (Executive Director & President, Electronic Privacy Information Center [EPIC])
Date: November 12, 2025

Episode Overview

This episode centers on the French Competition Authority’s decision to characterize Apple’s App Tracking Transparency (ATT) feature as abusive under competition law, given Apple’s dominant position in mobile app distribution. Host Alan Chapell and guest Alan Butler from EPIC debate whether ATT is a genuine privacy win for users or a self-serving move by Apple to privilege its own interests—especially as it relates to publishers, the advertising ecosystem, and broader competition concerns. The conversation navigates the often-blurred lines between privacy, competition, platform power, and the economics of publishing, with spirited disagreements and nuanced explorations of regulatory and user-impact questions.

Key Discussion Points & Insights

1. Introduction to EPIC and Context of ATT

EPIC’s Role: Alan Butler introduces EPIC as a nonprofit advocating for privacy since 1994, focused on defending digital civil liberties.

“We’ve been around since 1994 and focused on defending the fundamental right to privacy for all people online.” (03:37, C)
Why Comment on ATT?: EPIC engaged because privacy victories are rare; ATT’s rollout felt like tangible progress giving consumers direct control over cross-app tracking, something long invisible to users.

“We don’t always get a ton of wins on the privacy side… to see Apple roll out a feature that actually feels like it does something is pretty important.” (05:45, C)

2. First-Party vs. Third-Party Tracking Distinctions

EPIC's Position: Butler argues that data sharing with third parties (cross-app, cross-site tracking) is fundamentally riskier and more invasive than first-party personalization.

“First party data uses are at least uses by an entity that an individual intentionally interacts with.” (10:01, C)
“Cross app, cross site tracking...poses, I think, uniquely acute risks for individuals.” (12:20, C)
Host’s Skepticism: Chapell pushes back, noting that in EU law, focus rests more on specific processing activities than party distinctions and that some regulators, like the UK's CMA, have minimized the distinction.

“I would argue… EU focuses much more on specifics of evaluating each processing activity and less about the distinction between first and third party.” (11:34, B)

3. Evaluating Privacy Controls: Consent Mechanisms Pre- and Post-ATT

Consent Fatigue & Dark Patterns: Both agree that traditional online consent mechanisms (“cookie banners,” etc.) are ineffective, often designed to exhaust users into compliance.

“I don’t see consent mechanisms as they get applied in most online contexts right now as a real privacy control.” (14:25, C)
ATT’s Simplicity: Butler praises ATT for offering a singular, device-level choice rather than repetitive, app-by-app decisions.

“It is a single choice that persists…across apps and services. I do think that is fundamentally different…” (15:16, C)
Host’s Counterpoint: Chapell says Apple’s blanket approach may mask a self-serving agenda, questioning why Apple’s prompt is so much more user-friendly for its interests compared to those it permits for third parties.

“Apple imposes ATT. It dictates how ATT is presented… so I'm curious, why is that not an Apple problem?” (21:15, B)

4. Double Consent and the EU Legal Landscape

On “Double Consent”: Butler refutes the French Competition Authority’s claim that ATT creates a “double consent” burden for users, clarifying that APPs opt to add their own CMPs which isn’t mandated by law; Apple’s ATT is not the direct cause.

“Apps decide to implement a CMP to take advantage of the GDPR consent basis for processing. But that's not the only basis for processing.” (18:20, C)
Regulatory Intent: Chapell argues that Apple could have made their prompt sufficient for legal consent, sparing users two consent flows, but chose not to:

“Apple could have given publishers the ability to customize the ATT prompt language, or…created something closer to parity regarding how Apple’s tracking is characterized.” (Post-discussion summary, B)

5. Publisher Monetization and Market Power

Economic Impact: Chapell contends ATT severely limited publisher monetization options; with advertising harder, publishers are funneled toward subscriptions, from which Apple takes a 30% cut.

“If publishers can't monetize via advertising, the next best way is via subscriptions. And Apple gets a 30% vig on the subscriptions.” (25:14, B)
Skepticism on Targeting Value: Butler questions whether invasive tracking actually delivers publishers meaningful economic value, regarding much hype as ad tech marketing.

“I'm very skeptical that...it is all that it is sold to be in part because the folks most prominent in selling the economic benefits...are the companies that sell the tracking services.” (26:06, C)
Who Benefits?:

“Publishers don't have a lot of say in how the ad systems work. They're buyers in this market and the sellers…have pretty dominant control.” (28:52, C)

6. Apple’s Self-Favoritism—A Competition Concern?

Host's Critique: Chapell raises concern that ATT selectively impairs third-party ad tracking while growing Apple’s own ad business (which uses data from both first-party and, in some ways, third-party sources like app install data).

“Apple’s ad revenues since ATT have skyrocketed… look at where Apple's advertising revenue is now and it's gargantuan.” (36:53, B) “Apple could have tried to have some level of parity as between the types of disclosures...” (Post-discussion summary, B)
Butler’s Defense: Butler maintains that Apple’s use of its own app store data is not equivalent to third-party cross-app surveillance, and Apple's growth is not solely due to ATT’s impact.

“Apple is not doing cross app tracking for their advertising…what they’re doing is not the same as third-party tracking.” (38:22, C)
Parody of Privacy Choices: Butler insists that the relevant comparison is between Apple's internal privacy mechanisms and app-level CMPs, not between system-wide ATT and Apple’s own ad personalization prompt.

“That's the parity. They're both companies that have access to certain data about users.” (45:30, C)

7. Consumer Perspective—Actual Value and Understanding

Consumer Choice: Both agree users overwhelmingly prefer to opt out (or not opt in) when given a clear, singular choice like ATT versus when navigating convoluted CMPs.

“My impression…is that people did tend to choose not to track more often than…to kind of click through three levels of CMP…” (31:50, C)
Do Users Understand "Cohorts"? Research referenced by Chapell suggests users do not differentiate between “cohort” targeting and individual tracking, casting doubt on the privacy benefit perception.

“There’s actually research out there…that suggest consumers don’t really understand the distinction between the cohort model and the one to one model.” (33:08, B)

Notable Quotes & Memorable Moments

On Privacy’s Difficulty:

“It hasn’t been easy to be a privacy officer or even involved in privacy over the last two decades.” (07:44, B)
On Apple’s Power Play:

“Apple went and robbed the mob's bank.” (07:56, B, referencing Eric Seufert)
On Publisher Disempowerment:

“Publishers don't have a lot of say in how the ad systems work… the sellers in this market have pretty dominant control.” (28:52, C)
On the Limits of Consent:

“Consent mechanisms have the propensity to be gamed in a whole bunch of different ways.” (15:58, B)
On Regulatory Proportionality:

“Apple could have taken a different approach to achieve the goals of protecting users privacy, and that Apple therefore failed the proportionality test.” (Post-discussion summary, B)

Important Timestamps

[03:37] – EPIC’s mission, role, and organizational background (C)
[05:45] – Why ATT was a “win” and why EPIC weighed in (C)
[09:07] – Deep dive into first-party vs third-party tracking differences and the legal landscape (C, B)
[14:25] – Limitations and manipulation of consent mechanisms; why ATT is different (C)
[17:32] – On the myth of “double consent” and EU regulatory requirements (C)
[21:15] – Chapell pressing Apple’s role in user confusion and consent fatigue (B)
[25:14] – Impact on publisher monetization; the subscription “tax” (B)
[28:52] – Publisher disempowerment in the current ad tech environment (C)
[36:53] – Apple’s ad revenue growth and potential economic motives behind ATT (B)
[41:49] – Balancing privacy and competition: can one justify unfair practices to achieve the other? (B, C)
[46:49] – Evaluating “parity” between Apple and third-party privacy controls (C)
[47:42] – Concluding thoughts; platform-level privacy protection vs. competition (C)
[48:07] – Host’s closing reflection on cross-bubble discussions (B)

Tone and Takeaways

The episode is forthright and rigorous, with both debaters displaying deep knowledge—and clear ideological differences—on privacy and competition. Alan Butler holds a hard privacy line, arguing the normative value of user autonomy and system-level protections, even at the expense of some market interests. Alan Chapell challenges this stance, emphasizing practical economic impacts on publishers, the danger of platform self-favoritism, and regulatory proportionality.

Key Takeaways:

Privacy vs. Competition: Real-world privacy protections (like ATT) can have anti-competitive ripple effects—especially if implemented in ways that benefit the platform owner.
User Control Is Messy: Giving users meaningful data agency is far more difficult than offering symbolic choices, especially in cross-platform environments.
Publisher Viability: Solutions that undercut publisher revenues without offering alternative business models risk damaging the diversity and sustainability of digital media.
Regulatory Nuance Required: Effective oversight requires balancing privacy rights, economic impact, and the realities of platform power—not favoring one at the total expense of the others.

For Further Reference

EPIC’s blog post on the French Competition Authority’s ATT decision (see show notes)
Studies from Columbia University and USC referenced about consumer understanding and choice (see show notes)
Legislative references: GDPR, CCPA, UOM (Universal Opt-Out Mechanism), and anti-preferencing provisions in recent state laws

This summary excludes advertisements, event plugs, show introductions, and outros to focus on the substantive discussion only.

The Monopoly Report

Episode 55: A Truly EPIC Discussion About Apple ATT

Host: Alan Chapell
Guest: Alan Butler (Executive Director & President, Electronic Privacy Information Center [EPIC])
Date: November 12, 2025

Episode Overview

Key Discussion Points & Insights

1. Introduction to EPIC and Context of ATT

EPIC’s Role: Alan Butler introduces EPIC as a nonprofit advocating for privacy since 1994, focused on defending digital civil liberties.

“We’ve been around since 1994 and focused on defending the fundamental right to privacy for all people online.” (03:37, C)
Why Comment on ATT?: EPIC engaged because privacy victories are rare; ATT’s rollout felt like tangible progress giving consumers direct control over cross-app tracking, something long invisible to users.

“We don’t always get a ton of wins on the privacy side… to see Apple roll out a feature that actually feels like it does something is pretty important.” (05:45, C)

2. First-Party vs. Third-Party Tracking Distinctions

EPIC's Position: Butler argues that data sharing with third parties (cross-app, cross-site tracking) is fundamentally riskier and more invasive than first-party personalization.

“First party data uses are at least uses by an entity that an individual intentionally interacts with.” (10:01, C)
“Cross app, cross site tracking...poses, I think, uniquely acute risks for individuals.” (12:20, C)
Host’s Skepticism: Chapell pushes back, noting that in EU law, focus rests more on specific processing activities than party distinctions and that some regulators, like the UK's CMA, have minimized the distinction.

“I would argue… EU focuses much more on specifics of evaluating each processing activity and less about the distinction between first and third party.” (11:34, B)

3. Evaluating Privacy Controls: Consent Mechanisms Pre- and Post-ATT

Consent Fatigue & Dark Patterns: Both agree that traditional online consent mechanisms (“cookie banners,” etc.) are ineffective, often designed to exhaust users into compliance.

“I don’t see consent mechanisms as they get applied in most online contexts right now as a real privacy control.” (14:25, C)
ATT’s Simplicity: Butler praises ATT for offering a singular, device-level choice rather than repetitive, app-by-app decisions.

“It is a single choice that persists…across apps and services. I do think that is fundamentally different…” (15:16, C)
Host’s Counterpoint: Chapell says Apple’s blanket approach may mask a self-serving agenda, questioning why Apple’s prompt is so much more user-friendly for its interests compared to those it permits for third parties.

“Apple imposes ATT. It dictates how ATT is presented… so I'm curious, why is that not an Apple problem?” (21:15, B)

4. Double Consent and the EU Legal Landscape

On “Double Consent”: Butler refutes the French Competition Authority’s claim that ATT creates a “double consent” burden for users, clarifying that APPs opt to add their own CMPs which isn’t mandated by law; Apple’s ATT is not the direct cause.

“Apps decide to implement a CMP to take advantage of the GDPR consent basis for processing. But that's not the only basis for processing.” (18:20, C)
Regulatory Intent: Chapell argues that Apple could have made their prompt sufficient for legal consent, sparing users two consent flows, but chose not to:

“Apple could have given publishers the ability to customize the ATT prompt language, or…created something closer to parity regarding how Apple’s tracking is characterized.” (Post-discussion summary, B)

5. Publisher Monetization and Market Power

Economic Impact: Chapell contends ATT severely limited publisher monetization options; with advertising harder, publishers are funneled toward subscriptions, from which Apple takes a 30% cut.

“If publishers can't monetize via advertising, the next best way is via subscriptions. And Apple gets a 30% vig on the subscriptions.” (25:14, B)
Skepticism on Targeting Value: Butler questions whether invasive tracking actually delivers publishers meaningful economic value, regarding much hype as ad tech marketing.

“I'm very skeptical that...it is all that it is sold to be in part because the folks most prominent in selling the economic benefits...are the companies that sell the tracking services.” (26:06, C)
Who Benefits?:

“Publishers don't have a lot of say in how the ad systems work. They're buyers in this market and the sellers…have pretty dominant control.” (28:52, C)

6. Apple’s Self-Favoritism—A Competition Concern?

Host's Critique: Chapell raises concern that ATT selectively impairs third-party ad tracking while growing Apple’s own ad business (which uses data from both first-party and, in some ways, third-party sources like app install data).

“Apple’s ad revenues since ATT have skyrocketed… look at where Apple's advertising revenue is now and it's gargantuan.” (36:53, B) “Apple could have tried to have some level of parity as between the types of disclosures...” (Post-discussion summary, B)
Butler’s Defense: Butler maintains that Apple’s use of its own app store data is not equivalent to third-party cross-app surveillance, and Apple's growth is not solely due to ATT’s impact.

“Apple is not doing cross app tracking for their advertising…what they’re doing is not the same as third-party tracking.” (38:22, C)
Parody of Privacy Choices: Butler insists that the relevant comparison is between Apple's internal privacy mechanisms and app-level CMPs, not between system-wide ATT and Apple’s own ad personalization prompt.

“That's the parity. They're both companies that have access to certain data about users.” (45:30, C)

7. Consumer Perspective—Actual Value and Understanding

Consumer Choice: Both agree users overwhelmingly prefer to opt out (or not opt in) when given a clear, singular choice like ATT versus when navigating convoluted CMPs.

“My impression…is that people did tend to choose not to track more often than…to kind of click through three levels of CMP…” (31:50, C)
Do Users Understand "Cohorts"? Research referenced by Chapell suggests users do not differentiate between “cohort” targeting and individual tracking, casting doubt on the privacy benefit perception.

“There’s actually research out there…that suggest consumers don’t really understand the distinction between the cohort model and the one to one model.” (33:08, B)

Notable Quotes & Memorable Moments

On Privacy’s Difficulty:

“It hasn’t been easy to be a privacy officer or even involved in privacy over the last two decades.” (07:44, B)
On Apple’s Power Play:

“Apple went and robbed the mob's bank.” (07:56, B, referencing Eric Seufert)
On Publisher Disempowerment:

“Publishers don't have a lot of say in how the ad systems work… the sellers in this market have pretty dominant control.” (28:52, C)
On the Limits of Consent:

“Consent mechanisms have the propensity to be gamed in a whole bunch of different ways.” (15:58, B)
On Regulatory Proportionality:

“Apple could have taken a different approach to achieve the goals of protecting users privacy, and that Apple therefore failed the proportionality test.” (Post-discussion summary, B)

Important Timestamps

[03:37] – EPIC’s mission, role, and organizational background (C)
[05:45] – Why ATT was a “win” and why EPIC weighed in (C)
[09:07] – Deep dive into first-party vs third-party tracking differences and the legal landscape (C, B)
[14:25] – Limitations and manipulation of consent mechanisms; why ATT is different (C)
[17:32] – On the myth of “double consent” and EU regulatory requirements (C)
[21:15] – Chapell pressing Apple’s role in user confusion and consent fatigue (B)
[25:14] – Impact on publisher monetization; the subscription “tax” (B)
[28:52] – Publisher disempowerment in the current ad tech environment (C)
[36:53] – Apple’s ad revenue growth and potential economic motives behind ATT (B)
[41:49] – Balancing privacy and competition: can one justify unfair practices to achieve the other? (B, C)
[46:49] – Evaluating “parity” between Apple and third-party privacy controls (C)
[47:42] – Concluding thoughts; platform-level privacy protection vs. competition (C)
[48:07] – Host’s closing reflection on cross-bubble discussions (B)

Tone and Takeaways

Key Takeaways:

Privacy vs. Competition: Real-world privacy protections (like ATT) can have anti-competitive ripple effects—especially if implemented in ways that benefit the platform owner.
User Control Is Messy: Giving users meaningful data agency is far more difficult than offering symbolic choices, especially in cross-platform environments.
Publisher Viability: Solutions that undercut publisher revenues without offering alternative business models risk damaging the diversity and sustainability of digital media.
Regulatory Nuance Required: Effective oversight requires balancing privacy rights, economic impact, and the realities of platform power—not favoring one at the total expense of the others.

For Further Reference

EPIC’s blog post on the French Competition Authority’s ATT decision (see show notes)
Studies from Columbia University and USC referenced about consumer understanding and choice (see show notes)
Legislative references: GDPR, CCPA, UOM (Universal Opt-Out Mechanism), and anti-preferencing provisions in recent state laws

This summary excludes advertisements, event plugs, show introductions, and outros to focus on the substantive discussion only.

wavePod

Episode 55: A truly EPIC discussion about Apple ATT

Powered by Wave AI

Summary

The Monopoly Report

Episode 55: A Truly EPIC Discussion About Apple ATT

Episode Overview

Key Discussion Points & Insights

1. Introduction to EPIC and Context of ATT

2. First-Party vs. Third-Party Tracking Distinctions

3. Evaluating Privacy Controls: Consent Mechanisms Pre- and Post-ATT

4. Double Consent and the EU Legal Landscape

5. Publisher Monetization and Market Power

6. Apple’s Self-Favoritism—A Competition Concern?

7. Consumer Perspective—Actual Value and Understanding

Notable Quotes & Memorable Moments

Important Timestamps

Tone and Takeaways

For Further Reference

Summary

The Monopoly Report

Episode 55: A Truly EPIC Discussion About Apple ATT

Episode Overview

Key Discussion Points & Insights

1. Introduction to EPIC and Context of ATT

2. First-Party vs. Third-Party Tracking Distinctions

3. Evaluating Privacy Controls: Consent Mechanisms Pre- and Post-ATT

4. Double Consent and the EU Legal Landscape

5. Publisher Monetization and Market Power

6. Apple’s Self-Favoritism—A Competition Concern?

7. Consumer Perspective—Actual Value and Understanding

Notable Quotes & Memorable Moments

Important Timestamps

Tone and Takeaways

For Further Reference