Today, after months in beta, Apple is releasing iOS 15 to the public. Building upon the Privacy Nutrition Labels and App Tracking Transparency (ATT) framework introduced in iOS 14.5 (discussed at length in our prior post), iOS 15 introduces new privacy controls that will impact brand marketing initiatives and the ad tech ecosystem. Although these controls are not an iOS 14.5-caliber seismic event, they are yet another example of how platform providers have become de facto regulators of privacy. 

The most notable change to privacy controls in iOS 15 is the introduction of “Mail Privacy Protection.” In sum, Mail Privacy Protection is a setting that prevents marketers from using background tracking technologies to understand how users interact with their emails. Unlike ATT, Mail Privacy Protection is off by default, and must be activated through Settings > Mail > Privacy Protection. Apple describes “Mail Privacy Protection” as follows:

“Emails that you receive may include hidden pixels that allow the email's sender to learn information about you. As soon as you open an email, information about your Mail activity can be collected by the sender without transparency and an ability to control what information is shared. Email senders can learn when and how many times you opened their email, whether you forwarded the email, your Internet Protocol (IP) address, and other data that can be used to build a profile of your behavior and learn your location.

If you choose to turn it on, Mail Privacy Protection helps protect your privacy by preventing email senders, including Apple, from learning information about your Mail activity. When you receive an email in the Mail app, rather than downloading remote content when you open an email, Mail Privacy Protection downloads remote content in the background by default - regardless of how you do or don't engage with the email. Apple does not learn any information about the content.

In addition, all remote content downloaded by Mail is routed through multiple proxy servers, preventing the sender from learning your IP address. Rather than share your IP address, which can allow the email sender to learn your location, Apple's proxy network will randomly assign an IP address that corresponds only to the region your device is in. As a result, email senders will only receive generic information rather than information about your behavior. Apple does not access your IP address.”

Other notable changes to privacy controls in iOS 15 include the introduction of "Privacy Dashboard" (a dashboard where users can view how apps use their data), "Private Relay" (an opt-in VPN-like service that obfuscates internet browsing history), and "Hide My Email" (an opt-in setting that allows users to generate and use fake email addresses when signing up through a site rather than using their real email addresses). iOS 15 will also finally start asking users for permission before enabling personalized ads by Apple, bringing Apple more in line with its own ATT framework.

Brands that engage in email marketing or rely on first party data through account registration should revisit their practices and evaluate the implications of iOS 15, in particular, Mail Privacy Protection and Hide My Email.