Starting December 8, 2020, Apple’s App Store began requiring developers to provide increased transparency about the privacy practices related to each new or updated app submitted through the App Store.
New Privacy Requirements: Below are a few key facts you should know about the new App Store privacy requirements:
- Apple plans to generate a Privacy Facts “Nutrition Label” for each app based on responses to a questionnaire that will describe the privacy practices associated with each app (g., types of data collected; how each type of data is used; whether users are tracked), including the privacy practices of third-party partners whose code is integrated into each app.
- Each app’s privacy practices are expected to follow all applicable laws and the App Store Review Guidelines, which include privacy obligations related to (among other things) data collection and storage, privacy policies, permissions, data minimization, access, data use and sharing, health, kids, and location services.
- App developers are responsible for keeping privacy responses accurate and up to date.
New Privacy Risks:
Organizations that currently offer and/or plan to offer apps through the Apple App Store should be aware of Apple’s new App Store privacy requirements and take steps to help ensure that only accurate, complete, and consistent privacy information is submitted to Apple about each new and updated app. Providing inaccurate or incomplete information about an organization’s privacy practices could trigger a violation of the Apple Developer Agreement or related Terms and Conditions, which could lead to removal of the app, and/or result in a violation of Section 5 of the Federal Trade Commission Act for unfair and deceptive practices.
Risk Mitigation Steps:
Organizations that offer apps through Apple’s App Store should take the following initial steps toward complying with Apple’s new privacy requirements:
- Familiarize yourself with the obligations, restrictions, and guidance set forth in the following Apple resources:
a. App Store Review Guidelines, which include privacy obligations related to (among other things) data collection and storage, privacy policies, permissions, data minimization, access, data use and sharing, health, kids, and location services;
b. App Privacy Details on the App Store, which explains the information that is now required for each app and the method for submitting such information; and
c. App Store Connect Help, which provides additional information associated with managing app privacy;
- Identify, understand, and disclose all types of data collected and the purposes for which such data will be used by the organization and any third-party partners;
- Answer all questions in the Apple App Store privacy questionnaire with accurate and complete information; and
Fey LLC will continue to closely monitor developments related to the Apple App Store privacy requirements. To ensure you don’t miss out on any articles and alerts we prepare on this or other significant data protection laws and developments, you can follow our LinkedIn page here.
Keith Geekie, an information analyst with Fey LLC, contributed to this post.