Infrastructural Control Does the Trick: Apple’s Privacy Battles with Facebook and Tencent

By: Jingxian Zeng

February 28, 2022

Apple’s efforts to brand itself as the privacy guardian recently reached a whole new level with its launch of App Tracking Transparency (ATT). But the bold move from Limit Ad Tracking (LAT) to ATT is not as revolutionary as Apple’s advertising makes it seem. ATT is a transition from an opt-out system of data tracking to an opt-in system, with the game changer being the prioritization of the non-opt-in choice (“Ask App Not to Track”) at the application level. In combination with the implementation of Identity for Advertisers (IDFA), a unique and random identifier assigned by Apple to each iOS device, ATT ensures that personal data will only be shared across apps if a user clicks “Allow.”

Despite the fact that ATT arguably offers a more effective privacy mechanism than any other of privacy regulation, it is the subject of skepticism that reveals underlying power dynamics. Notably, the tension between Apple and Tencent versus that between Apple and Facebook (Meta) during the implementation of ATT offers a window into a landscape where data protection and privacy law is mobilized as the dominant “legal technology”1This term is to view law as a package of tools that can be mobilized, and thus shaped, by a wide range of actors to achieve certain purposes in practice. One typical example would be contracts. See Kevin E. Davis, Contracts as Technology, 88 N.Y.U. L. Rev. 83 (2013). in contesting digital platform power.

Generally, data protection and privacy laws grant individuals certain data rights, in an effort to prevent the monetization of personal data.2Angelina Fisher & Thomas Streinz,Confronting Data Inequality, (N.Y.U. Sch. of Law, Pub. Law and Legal Theory Research Series, Working Paper No. 21-22, 2021) (“[D]ifferences persist even if data protection law on the books may look similar.”). This “dignitarian” approach of challenging platform data use has been criticized for “being simultaneously overly narrow and overly broad,”3Salomé Viljoen, Data as Property?, Phenomenal World (October 16, 2020). since (1) there may be little meaningful distinction between personal and non-personal data,4Fisher & Streinz, supra note 2, at 48; see also Nadezhda Purtova, The Law of Everything: Broad Concept of Personal Data and Future of EU Data Protection Law, 10 Law, Innovation & Tech. 40 (2018). (2) individuals may lack the “willingness and ability to access their rights,”5Fisher & Streinz, supra note 2, at 49. and (3) the focus on personal privacy may impede positive public uses of data.6Viljoen, supra note 3.

This article targets the assumption behind the mobilization of data protection and privacy to contest platform power: the enormous power of platforms derives from their control over data such that granting individuals rights to their own data is enough to contest platform power.7This assumption is also present when mobilizing other legal technologies, e.g., antitrust law. This approach ignores a fundamental source of platform power—control over the digital infrastructure8Examples of digital infrastructure include hardware such as sensors, cables, and data centers, as well as software such as technical protocols and operating systems. that enables the collection and processing of data. Failing to account for this aspect of platform power runs the risk that data protection and privacy will be mobilized by platforms to safeguard their “walled gardens,”9See Jean-Christophe Plantin, et al.,Infrastructure Studies Meet Platform Studies in the Age of Google and Facebook, 20 New Media & Soc’y 293 (2018); see also Amy Kapczynski, The Law of Informational Capitalism, 129 Yale L.J. 1460 (2020). thus running against the “public” expectation of empowering individuals vis-à-vis platforms. The differing implementation of Apple’s privacy-preserving policy in the U.S. and China, through Facebook and Tencet respectively, offers a vivid illustration10Other relevant cases include the Federated Learning of Cohorts (FLoC) proposed by Google and the decentralized contact tracing system launched by Apple and Google. of the significance of infrastructural control.

Apple versus Facebook: Win by a Nose?

In launching ATT, Apple mobilized at least two legal technologies. The most apparent legal technology is its compliance with privacy law, which may support, but not require, the sort of individual decision-making that ATT promotes. This is not surprising since Apple has taken the public and strategic stance that “privacy is a fundamental human right” as one of its “core values.”11There are other privacy-preserving measures taken step-by-step by Apple in recent years, including Safari’s Intelligent Tracking Prevention (ITP) that blocks third-party cookies by default. Apple has been able to adopt this stance without fear because ad revenue accounts for a relatively small proportion of Apple’s portfolio.12Apple’s Services is responsible for 18% of sales in the fourth quarter of 2021; but there is no breakdown on the amount of ad revenue. The less apparent legal technology is based in contract law; Apple has modified the terms of service with application developers. Now, application developers must agree to the use of ATT to remain in or enter the App Store.  The asymmetric bargaining power in both reconstructing and enforcing the terms of service with application developers perfectly reveals how Apple, as an “infrastructuralized platform,”13See Plantin et al., supra note 9. managed to secure its walled garden by acting as both gatekeeper and rulemaker.

Facebook, which generates nearly 98% of its revenue from advertising,14See U.S. Security & Exchange Comm’n, Form 10-Q, Quarterly Report for Facebook, Inc. 14 (2021). responded with fury soon after Apple first announced ATT. In the seesaw PR battle, Facebook made several arguments, most of which were policy-oriented, accusing Apple of disregarding the negative effect of ATT on small businesses. Facebook also accused Apple of adopting ATT in pursuit of self-interest rather than the public interest. If the initially estimated 10-15% opt-in rate under ATT turns into reality, digital content providers and small application providers could suffer from severe ad revenue shrinkage.15The opt-in rate is subject to complex measurement, so this estimate may not be correct. See also Einav Mors-Samuels, Mind the Gap: Bridging the Divide Between High ATT Opt-in and Low IDFA Collection Rates, AppsFlyer (Sept. 15, 2021), https://www.appsflyer.com/blog/measurement-analytics/att-idfa-discrepancy/. To replace the lost revenue, such providers could turn to subscriptions and other in-app payments for money, of which Apple takes a substantial share (Apple’s own advertising platform is not fully subject to ATT). Critically, users may ultimately bear the cost of the low opt-in rate by being charged more fees without better experience (since ads are not removed, just less personalized).16On the same day, Facebook ran full-page ads with similar content in major newspapers, including the New York Times, Wall Street Journal, and Washington Post.

Interestingly, Facebook mobilized two responsive legal technologies. The first was to some extent counterintuitive—Facebook claimed that they could “preserve the value that both people and businesses get out of personalized advertising, while respecting privacy and empowering people to control their information online.”17Erin Egan & Steve Satterfield, A Path Forward for Privacy and Online Advertising, Meta (Oct. 2, 2020), https://about.fb.com/news/2020/10/a-path-forward-for-privacy-and-online-advertising/; Steve Satterfield, Personalized Advertising and Privacy Are Not at Odds, Meta (Dec. 16, 2020), https://about.fb.com/news/2020/12/personalized-advertising-and-privacy-are-not-at-odds/. Facebook reasoned that personalized advertising actually conforms to privacy law through use of anonymization and encryption technologies. Second, Facebook subtly invoked competition law by emphasizing the unfair effect of ATT given Apple’s enormous market power. So far there have been antitrust investigations into ATT in Germany and Poland. In the end, Facebook reluctantly accepted the leveled playing field, “rolling out a new ad measurement agreement” that involves Apple’s SKAdNetwork API and Facebook’s adjusted measurement system. Additionally, Facebook would present users information on the benefits of personalized ads before they receive the ATT prompt.

Facebook’s media fight-back and ultimate agreement to ATT does not show that Facebook stands for better data privacy practice,18Since, as Apple rebutted, ATT “does not require Facebook to change its approach to tracking users and creating targeted advertising, it simply requires they give users a choice.” but rather that Apple wields great power. But why does a social media giant with around 70% of market share in the U.S. and over 75% worldwide appear so powerless against Apple, which holds less than 60% of the mobile device market share in the U.S. and below 30% worldwide? The answer arguably lies in Apple’s control over crucial components of data infrastructure, not the fact that its privacy approach is more “legitimate” (while ATT is in line with the spirit of privacy law, it may be at odds with competition law).

Both Apple and Facebook can be described as “infrastructuralized platforms”,19See Plantin et al., supra note 9. but Apple still controls the “substrate” of Facebook—and of many other digital content providers, including, but not limited to, application developers. Because Apple’s share is in the market of hardware (e.g., mobile devices) and software (e.g., operating systems), it enjoys much more lock-in power than Facebook’s, which merely flows in the superficial layer of application. Facebook itself may then be the substrate of other digital activities such as communication and socialization, but it must first be enabled by device providers such as Apple.20Such flipping “between figure and ground” is not uncommon given the “interlocking” landscape of digital infrastructures, in which “the infrastructural ‘ground’ has its own substrate, its own platform.” Shannon Mattern, Scaffolding, Hard and Soft: Critical and Generative Infrastructures, Spheres (June 21, 2016), https://spheres-journal.org/wp-content/uploads/spheres-3_Mattern.pdf.

Indeed, Apple has refrained from expanding into social media, where Facebook has taken the lead. But the thing is, Apple does not need to be in the social media world to wield its power over its users.21See Fisher & Streinz, supra note 2, at 18. Compared to Facebook, Apple anchors itself deeply in the material layer of data infrastructure. It has long leveraged the legal technologies of ownership, copyright, and licensing, which are legally coded in its terms of service contract and architecturally coded in its software, to maximize de facto control over any data that relies on its operating system.22See Aaron Perzanowski & Jason Schultz, The End of Ownership: Personal Property in the Digital Economy (M.I.T. Press, Case Legal Studies Research Paper No. 2020-24, 2016); Epic Games, Inc. v. Apple Inc.,2021 WL 4128925 (N.D. Cal. 2021) (“Apple’s creation and cultivation of the iOS device (and its ecosystem) has been described as a walled garden. Said differently, it is a closed platform whereby Apple controls and supervises access to any software which accesses the iOS devices.”). By holding tight to the hardware and software that enable social media apps, Apple wields its power from beneath the social media world. If Facebook decides to ignore ATT or deploy a technical workaround, Apple is likely to take action: it could remove Facebook from the App Store (and risk a competition lawsuit) or file a lawsuit against Facebook for breach of contract, or both. Removal is not an unrealistic response given that Apple’s ecosystem is hard-to-replicate and locks in its customers, whereas the users of Facebook are more likely to jump to other social media platforms, especially if Facebook is facing accusations of privacy intrusion. Even if a lawsuit is brought by Facebook to temporarily freeze the removal, it could be a drawn-out and expensive confrontation during which Facebook will suffer a continuous press crisis.23Unlike with Epic Games, users may not sympathize with Facebook when challenging the power of Apple. Epic Games opposed “Apple’s control over the distribution of apps to its users and the requirement that developers of apps use Apple’s in-app purchases or in-app payments (“IAP”) system, but Facebook opposes a privacy-preserving policy that claims to give users more autonomy. See Epic Games, 2021 WL 4128925. In this context, “jailbreaking” (non-compliance) seems to be a much less desirable choice than “cooperation” (compliance), which is largely protected from public oversight.

Apple versus Tencent: Tie or Draw?

Ultimately, Apple and Facebook are not fighting about the protection of privacy. Rather, their fight is over the power to interpret privacy as a “legal” concept ill-defined by current data protection and privacy laws, which rely on the ambiguous personal/non-personal data dichotomy.24See Purtova, supra note 4. This fight is not unique in context, as platforms have long been granted the authority to self-regulate either directly or indirectly.25Elettra Bietti, A Genealogy of Digital Platform Regulation (June 3, 2021), https://ssrn.com/abstract=3859487. In China, the PRC E-commerce Law “follows the principle that ‘the state regulates the platforms, and the platforms regulate online businesses.’”26Lizhi Liu & Barry R. Weingast, Law, Chinese Style: Solving the Authoritarian’s Legal Dilemma Through the Private Provision of Law (Working Paper, 2020). Now, by looking at the tension between Apple and Tencent, a private corporation that runs “WeChat,” the biggest social media platform in China, it may become more evident that who wins the de facto power of legal interpretation could depend on who seizes greater infrastructural control.

Unlike Facebook, Tencent chose to see if it could directly bypass ATT without saying too much by implementing CAA Advertising ID (CAID) instead. CAID is a technology jointly published by the China Advertising Association (CAA) and the China Academy of Information and Communications Technology (CAICT).27See Yezhong Huang, User-based Attribution Model: Universal ID Scheme (基于用户的归因模式: 通用ID方案, (Aug. 20, 2020); see also CAID Program of China Advertising Association (中国广告协会的CAID方案) (Mar. 24, 2021). Soon after the publication of CAID, the CAA enacted relevant technical specification for “promoting industrial development, respecting industrial interests, safeguarding user rights and ensuring data security.” China Advert. Ass’n, Technical Specification for Mobile Internet Advertising Identification (Dec. 10, 2020); see A Response to Apple’s New Policy on IDFA (应对苹果IDFA新政), Sina Technology(Jan. 12, 2021), https://finance.sina.com.cn/tech/2021-01-12/doc-ikftssan5143068.shtml. Not only is Tencent a major member of CAA, but it is also one of the big tech firms that has been, in a relatively undisguised manner, testing CAID.28This technology even attracts several international companies. See Lawrence Damilola, A Battle of Wills? China’s Tech Giants Bypass Apple’s Privacy Tool, Ketagalan Media (Apr. 16, 2021), https://ketagalanmedia.com/2021/04/16/a-battle-of-wills-chinas-tech-giants-bypass-apples-privacy-tool/. Under the technical framework of CAID, each iOS device receives a unique ID (comparable to Apple’s IDFA) that will be shared with advertisers by default (i.e., it remains an opt-out system).

Public debate in China has raised similar arguments as those made by Facebook, with privacy law as the dominant legal technology.29See Does Refusing to Track Mean Protecting Privacy? (拒绝追踪就等于保护隐私吗?), Caijing (May 28, 2021), https://finance.eastmoney.com/a/202105281940613346.html. The CAID creators claim that “CAID is confidential, anonymous, and secure, with little risk of being reversed to decode the user’s device and personal information,” and thus “complies with relevant laws and regulations, and national mandatory information security standards.”30These statements were made by Zhengjun Yang, the Vice President of CAICT. See A Response to Apple’s New Policy on IDFA, supra note 27. However, this exact practice of combining signals for device identification (“fingerprinting”) is forbidden in the Apple Developer Program License Agreement, which stipulates that “you may not derive data from a device for the purpose of uniquely identifying it.” Apple has already made it clear that ATT must “apply equally to all developers around the world” and has taken actions against a few Chinese apps that were testing CAID (or similar technologies) by blocking their updates from the App Store.31See also Patrick McGee, Apple Wins Privacy Battle in China, Fin. Times (July 4, 2021), https://www.ft.com/content/c79a5f6a-0827-47a4-9b3b-622a81fcc75a; see also Mike Peterson, Apple Tells Chinese Apps Not to Bypass App Tracking Transparency, Apple Insider (Mar. 18, 2021), https://appleinsider.com/articles/21/03/18/apple-tells-chinese-apps-not-to-bypass-app-tracking-transparency.

But as critics suggest, it is an “impossible mission” for Apple not to “turn a blind eye”32See Damilola, supra note 28. to big tech firms in China such as Tencent, which has yet to comment on the disclosure of its implementation of CAID. More importantly, Tencent has not received repercussions from Apple, which did not hesitate to reject updates to more than 50,000 other apps that produce unique identifiers like CAID. Given that Tencent has a half-year forty-five billion dollar business of online advertising, one may speculate from its silence that it is figuring out something to preserve its business—certainly something other than bending to the control of Apple’s SKAdNetwork API, as Facebook did. Given that information about CAID remains on the official site of CAA, and other similar technologies are continuously emerging and being tested by app developers, it is way too soon to conclude that “Apple wins [the] privacy battle in China.”

The best word for the status quo between Apple and Tencent is a “draw,” like in a cricket game where there is neither a win nor a tie, but an inconclusive result leaning to one side. Again, it is more about striving for the power of interpreting privacy as a legal technology. But Apple is under a quite different kind of tension. In China, Tencent’s social media platform WeChat takes up over 90% market share with 1.2 billion daily active users.33See Jean-Christophe Plantin & Gabriele de Seta, WeChat as Infrastructure: The Techno-nationalist Shaping of Chinese Digital Platforms, 12 Chinese J. Comm. 257 (2019). Moreover, in contrast to Facebook, which feeds on advertising, Tencent has stretched itself into gaming, fintech (e.g., third-party payment),34Tencent ranked second in the mobile payment market with almost 40% share in 2020. and business services (e.g., cloud), on top of, and increasingly independent from, its social media platform. In fact, these sectors account for more than 80% of Tencent’s revenue in 2021.

Apple is but one popular device provider, and faces fierce competition from local vendors in the smartphone market. In China, Apple’s share fluctuates at around only 10%. Indeed, numbers are never the whole story. The power that Tencent wields over Apple is fostered by its deeper anchor in other enabling services in the market. For example, much of the market share is secured by Tencent’s third-party payment services, which is closely tied to WeChat and enables most daily transactions in China. In this sense, Tencent’s efforts in “infrastructuring” itself make its market share not only big, but also heavy. If Apple removes WeChat from its App Store, it may well remove itself from China, together with 19% of its total revenue ($68.4 billion in 2021). At the same time, Apple’s control over its hardware and software is much less secure in China. As to hardware, iCloud’s data center in mainland China is run by GCBD, a local cloud service provider located in Guizhou, which displaces Apple as the other party of the terms of service with local users. This arrangement was to comply with the data localization requirement on “critical information infrastructure operator” under the Cybersecurity Law,35See Cybersecurity Law of the PRC (中国网络安全法), Xinhua News (July 11, 2016). and the strict restrictions on foreign investment under the licensing regime of “value-added telecommunication services”(VATS).36The licensing regime is governed by the 2014 PRC Telecommunication Regulation and the 2017 Measures for the Administration of Telecommunication Business License. See AnJie Law Firm, Regulation of Cloud Computing in China (Oct. 13, 2020) (“[T]he operation of cloud services in China requires a VATS license dedicated for IDC [Internet Data Centre Service] business…IDC licenses have only been granted to Chinese companies and their joint ventures with Hong Kong and Macau investors.”). In the new arrangement, it is GCBD that secures infrastructural control, while Apple may only “provide assistance” as a potential “additional party.”

Apple’s gradual loss of its grip on hardware in China may result in a fundamentally disturbed ground for its software control, which is the only way for Apple to code and enforce its privacy policies. Compliance with Apple’s policies is insufficient for placement on the App Store, as apps must also comply with Chinese policies. In this sense, for apps (e.g., WeChat) to be removed from the iOS in China, their non-compliance (e.g., CAID) with Apple’s policies (e.g., ATT) is arguably insufficient too; the apps are shielded by local big tech firms (e.g., Tencent) that hold influential decision-making power through their domination of data infrastructure.

Conclusion

In deeming ATT the normative privacy policy, Apple managed to get Facebook in compliance, though not without garnering significant criticism for its abuse of infrastructural control. After all, the new Facebook advertising data arrangement depends on an API controlled by Apple. In China, however, Apple is likely unable to overcome the overwhelming resistance from local big tech firms like Tencent, which are competing for control over infrastructure in an environment where Apple has gradually lost its grip. Even though Chinese regulators have enacted policies that point in the same direction as Apple,37In addition, Apple has developed “strong relationships” with the Chinese government in the past five years. See Samuel Axon, Apple CEO Tim Cook Engineered a Secret $275 Billion Deal With China, Ars Technica (Dec. 7, 2021), https://arstechnica.com/gadgets/2021/12/report-apple-ceo-tim-cook-engineered-a-secret-275-billion-deal-with-china/?utm_source=pocket_mylist. Tencent and other big tech firms still have the power to assert de facto privacy rules tailored to their profit-driven needs. In both battles, it is apparent that the actor with greater infrastructural control prevails. This is not just the case between Apple and other tech giants like Facebook and Tencent as “powerful and resource-rich (data) accumulators”38See Fisher & Streinz, supra note 6, at 51.— Apple’s privacy decision weighs even more heavily on small-scale platforms that lack the power to bear the consequences of compliance (unlike Facebook, they may not recover from the loss of advertising revenues)39The de facto impact of ATT on Facebook has been limited. The year-on-year growth rate of its ad revenue reached 33% in 2021 (see supra note 23); in the same quarter of 2020 and 2019, the growth rate was 22% and 28%, respectively. and non-compliance (unlike Tencent, they cannot risk being removed by Apple).

Critically, neither the framework offered by Apple and Facebook nor the alternative attempted by Tencent involved much public participation (if any), despite the fact that all three claim to be acting in the public interest. Instead, Apple, Facebook, and Tencent seem to fill the skeleton of “legal desirability” with the flesh and blood of “technical feasibility.” Among the three, the de facto rule seems to depend on the power dynamics of infrastructural control. These private actors have become so infrastructuralized that their decisions over “code”40Lessig warns the danger of regulating through “code” as “architecture” due to the fading transparency and accountability of (government) choices. See Lawrence Lessig, Code: Version 2.0 (2006). could produce highly scalable public impact. Admittedly, platforms may do good with their decision-making power; but then the public must depend on the goodwill of a tiny group of powerful private actors. If privacy as a legal technology aims to contest platform power to promote the public interest, regulators will need to focus their interventions on infrastructural control.


Jingxian Zeng, LLM, New York University School of Law. Professor Thomas Streinz and Professor Joseph H. H. Weiler of the Guarini Colloquium assisted with this paper.

Suggested Citation: Jingxian Zeng, Infrastructural Control Does the Trick: Apple’s Privacy Battles with Facebook and Tencent, J. Legis. & Pub. Pol’y Quorum (2022).

  • 1
    This term is to view law as a package of tools that can be mobilized, and thus shaped, by a wide range of actors to achieve certain purposes in practice. One typical example would be contracts. See Kevin E. Davis, Contracts as Technology, 88 N.Y.U. L. Rev. 83 (2013).
  • 2
    Angelina Fisher & Thomas Streinz,Confronting Data Inequality, (N.Y.U. Sch. of Law, Pub. Law and Legal Theory Research Series, Working Paper No. 21-22, 2021) (“[D]ifferences persist even if data protection law on the books may look similar.”).
  • 3
    Salomé Viljoen, Data as Property?, Phenomenal World (October 16, 2020).
  • 4
    Fisher & Streinz, supra note 2, at 48; see also Nadezhda Purtova, The Law of Everything: Broad Concept of Personal Data and Future of EU Data Protection Law, 10 Law, Innovation & Tech. 40 (2018).
  • 5
    Fisher & Streinz, supra note 2, at 49.
  • 6
    Viljoen, supra note 3.
  • 7
    This assumption is also present when mobilizing other legal technologies, e.g., antitrust law.
  • 8
    Examples of digital infrastructure include hardware such as sensors, cables, and data centers, as well as software such as technical protocols and operating systems.
  • 9
    See Jean-Christophe Plantin, et al.,Infrastructure Studies Meet Platform Studies in the Age of Google and Facebook, 20 New Media & Soc’y 293 (2018); see also Amy Kapczynski, The Law of Informational Capitalism, 129 Yale L.J. 1460 (2020).
  • 10
    Other relevant cases include the Federated Learning of Cohorts (FLoC) proposed by Google and the decentralized contact tracing system launched by Apple and Google.
  • 11
    There are other privacy-preserving measures taken step-by-step by Apple in recent years, including Safari’s Intelligent Tracking Prevention (ITP) that blocks third-party cookies by default.
  • 12
    Apple’s Services is responsible for 18% of sales in the fourth quarter of 2021; but there is no breakdown on the amount of ad revenue.
  • 13
    See Plantin et al., supra note 9.
  • 14
    See U.S. Security & Exchange Comm’n, Form 10-Q, Quarterly Report for Facebook, Inc. 14 (2021).
  • 15
    The opt-in rate is subject to complex measurement, so this estimate may not be correct. See also Einav Mors-Samuels, Mind the Gap: Bridging the Divide Between High ATT Opt-in and Low IDFA Collection Rates, AppsFlyer (Sept. 15, 2021), https://www.appsflyer.com/blog/measurement-analytics/att-idfa-discrepancy/.
  • 16
    On the same day, Facebook ran full-page ads with similar content in major newspapers, including the New York Times, Wall Street Journal, and Washington Post.
  • 17
    Erin Egan & Steve Satterfield, A Path Forward for Privacy and Online Advertising, Meta (Oct. 2, 2020), https://about.fb.com/news/2020/10/a-path-forward-for-privacy-and-online-advertising/; Steve Satterfield, Personalized Advertising and Privacy Are Not at Odds, Meta (Dec. 16, 2020), https://about.fb.com/news/2020/12/personalized-advertising-and-privacy-are-not-at-odds/.
  • 18
    Since, as Apple rebutted, ATT “does not require Facebook to change its approach to tracking users and creating targeted advertising, it simply requires they give users a choice.”
  • 19
    See Plantin et al., supra note 9.
  • 20
    Such flipping “between figure and ground” is not uncommon given the “interlocking” landscape of digital infrastructures, in which “the infrastructural ‘ground’ has its own substrate, its own platform.” Shannon Mattern, Scaffolding, Hard and Soft: Critical and Generative Infrastructures, Spheres (June 21, 2016), https://spheres-journal.org/wp-content/uploads/spheres-3_Mattern.pdf.
  • 21
    See Fisher & Streinz, supra note 2, at 18.
  • 22
    See Aaron Perzanowski & Jason Schultz, The End of Ownership: Personal Property in the Digital Economy (M.I.T. Press, Case Legal Studies Research Paper No. 2020-24, 2016); Epic Games, Inc. v. Apple Inc.,2021 WL 4128925 (N.D. Cal. 2021) (“Apple’s creation and cultivation of the iOS device (and its ecosystem) has been described as a walled garden. Said differently, it is a closed platform whereby Apple controls and supervises access to any software which accesses the iOS devices.”).
  • 23
    Unlike with Epic Games, users may not sympathize with Facebook when challenging the power of Apple. Epic Games opposed “Apple’s control over the distribution of apps to its users and the requirement that developers of apps use Apple’s in-app purchases or in-app payments (“IAP”) system, but Facebook opposes a privacy-preserving policy that claims to give users more autonomy. See Epic Games, 2021 WL 4128925.
  • 24
    See Purtova, supra note 4.
  • 25
    Elettra Bietti, A Genealogy of Digital Platform Regulation (June 3, 2021), https://ssrn.com/abstract=3859487.
  • 26
  • 27
    See Yezhong Huang, User-based Attribution Model: Universal ID Scheme (基于用户的归因模式: 通用ID方案, (Aug. 20, 2020); see also CAID Program of China Advertising Association (中国广告协会的CAID方案) (Mar. 24, 2021). Soon after the publication of CAID, the CAA enacted relevant technical specification for “promoting industrial development, respecting industrial interests, safeguarding user rights and ensuring data security.” China Advert. Ass’n, Technical Specification for Mobile Internet Advertising Identification (Dec. 10, 2020); see A Response to Apple’s New Policy on IDFA (应对苹果IDFA新政), Sina Technology(Jan. 12, 2021), https://finance.sina.com.cn/tech/2021-01-12/doc-ikftssan5143068.shtml.
  • 28
    This technology even attracts several international companies. See Lawrence Damilola, A Battle of Wills? China’s Tech Giants Bypass Apple’s Privacy Tool, Ketagalan Media (Apr. 16, 2021), https://ketagalanmedia.com/2021/04/16/a-battle-of-wills-chinas-tech-giants-bypass-apples-privacy-tool/.
  • 29
    See Does Refusing to Track Mean Protecting Privacy? (拒绝追踪就等于保护隐私吗?), Caijing (May 28, 2021), https://finance.eastmoney.com/a/202105281940613346.html.
  • 30
    These statements were made by Zhengjun Yang, the Vice President of CAICT. See A Response to Apple’s New Policy on IDFA, supra note 27.
  • 31
    See also Patrick McGee, Apple Wins Privacy Battle in China, Fin. Times (July 4, 2021), https://www.ft.com/content/c79a5f6a-0827-47a4-9b3b-622a81fcc75a; see also Mike Peterson, Apple Tells Chinese Apps Not to Bypass App Tracking Transparency, Apple Insider (Mar. 18, 2021), https://appleinsider.com/articles/21/03/18/apple-tells-chinese-apps-not-to-bypass-app-tracking-transparency.
  • 32
    See Damilola, supra note 28.
  • 33
    See Jean-Christophe Plantin & Gabriele de Seta, WeChat as Infrastructure: The Techno-nationalist Shaping of Chinese Digital Platforms, 12 Chinese J. Comm. 257 (2019).
  • 34
    Tencent ranked second in the mobile payment market with almost 40% share in 2020.
  • 35
    See Cybersecurity Law of the PRC (中国网络安全法), Xinhua News (July 11, 2016).
  • 36
    The licensing regime is governed by the 2014 PRC Telecommunication Regulation and the 2017 Measures for the Administration of Telecommunication Business License. See AnJie Law Firm, Regulation of Cloud Computing in China (Oct. 13, 2020) (“[T]he operation of cloud services in China requires a VATS license dedicated for IDC [Internet Data Centre Service] business…IDC licenses have only been granted to Chinese companies and their joint ventures with Hong Kong and Macau investors.”).
  • 37
    In addition, Apple has developed “strong relationships” with the Chinese government in the past five years. See Samuel Axon, Apple CEO Tim Cook Engineered a Secret $275 Billion Deal With China, Ars Technica (Dec. 7, 2021), https://arstechnica.com/gadgets/2021/12/report-apple-ceo-tim-cook-engineered-a-secret-275-billion-deal-with-china/?utm_source=pocket_mylist.
  • 38
    See Fisher & Streinz, supra note 6, at 51.
  • 39
    The de facto impact of ATT on Facebook has been limited. The year-on-year growth rate of its ad revenue reached 33% in 2021 (see supra note 23); in the same quarter of 2020 and 2019, the growth rate was 22% and 28%, respectively.
  • 40
    Lessig warns the danger of regulating through “code” as “architecture” due to the fading transparency and accountability of (government) choices. See Lawrence Lessig, Code: Version 2.0 (2006).