Back to all blog posts

Balancing user convenience and consent in system updates

Over Thanksgiving, a Facebook post from a local community police department caught my attention, warning about an automatic feature called NameDrop in the Apple iOS17 update. Once I returned to work, I decided to delve into the issue surrounding this automatic feature. It also reminded me that this is not the first time I have encountered features requiring manual adjustments after Apple operating software updates.

It is worth noting that Apple is not alone in this practice; it is common practice in the tech industry to place responsibility on individuals to adjust their privacy settings to opt out of data-sharing features after system updates.

Apple’s NameDrop Feature

How it works

With NameDrop, two phones placed near each other can easily exchange contact information. A pop-up gives the user the option to simply receive the other person’s contact information or to exchange each other’s contact information.

Risks for Users

While law enforcement agencies advise iPhone users to turn off this feature, they stress the necessity of a second key step to send or receive the contact information. This means accidental sharing is not enabled by default. However, user error is always possible. An accidental tap of “accept” can result in sharing your contact information with a stranger, and unfortunately, this action cannot be undone.

In terms of automatic features, there are more concerning options available. Google and Microsoft browsers, for example, have features that allow automatic data sharing with third parties. While accidental sharing of your phone number and name may not sound ideal, it may not be as concerning as the information stored on your internet browsers using cookies. This includes data elements such as your location and Facebook ID, which are often sold to countless third parties for a variety of uses. Your phone number and name may already exist online. Therefore, the risk of your contact information falling into the hands of a malicious actor could remain the same.

Privacy Concerns

The question here is not whether we as users should care about the feature or its accidental misuse. Rather, it should be how all companies entrusted with our personal information can be held accountable, at different levels as appropriate, to provide notice of changes to their data processing and allow users choices in this regard.

With a feature like NameDrop, it might seem like Apple should make it more obvious to users before system updates activate this feature, or perhaps, no data-sharing features should be automatically turned on at all. It feels almost misleading that the company is allowed to wait for users to discover certain data-sharing features or practices from another source, or until they accidentally use the feature.

This may be influenced by the legal landscape, where most of the US state laws in effect today permit opt-out consent for data processing.’ Opt-out consent allows data to be processed until the user indicates their lack of consent. This stands in contrast to opt-in consent, which mandates that data cannot be processed until the user takes action to signify their agreement for the processing.

Technically, what Apple has done here is legal according to most US state privacy laws, although public reactions suggest it may not be deemed reasonable.

Lessons Learned

For users of iPhones, the internet, and other devices, conducting a regular settings review becomes crucial after every settings update. Here are some practical steps to consider:

  • Turn off automatic updates and wait a few days to see if any features turn up that need to be switched off.
  • If interested in using a new feature like NameDrop, toggle it on only when sharing contact information, remembering to turn it off afterward.

As news stories advise iPhone users to disable this setting, it remains to be seen if Apple will face any implications for the feature. While there might be a low risk of a privacy violation due to the opt-out consent requirement, the company is certainly under scrutiny and actively managing requests for comment.

Reach out to Privacy Ref with all your organizational privacy concerns, email us at or call us 1-888-470-1528. If you are looking to master your privacy skills, check out our training schedule, register today and get trained by the top attended IAPP Official Training Partner.