Apple has revealed a list of privacy labels. Developers are required to inform users when they want to share certain personal data with third parties by showing these labels.
The labels appear on an information page about the new privacy guidelines in the App Store. From now on, an app’s page in the App Store will also contain a section called App Privacy. Under that heading is information about all the personal data that the app processes. This data is divided into three types: data used to track you, data linked to you, and data not linked to you.
Overview of privacy labels
- Contact info
- Email address, hashed or unhashed
- Phone number, hashed or unhashed
- Physical address
- Other user contact info
- Health and Fitness
- Health, such as information from the HealthKit API
- Fitness, such as information from the Motion and Fitness API
- Financial Info
- Payment info, such as credit card or bank account number
- Credit info, such as credit score
- Other financial info, such as salary
- Precise location, based on GPS
- Coarse location, maximum of three decibels in coordinates
- Sensitive info
- Sensitive info, such as race, sexual orientation, disabilities, etc.
- User Content
- Emails or text messages
- Photos or videos
- Audio data
- Gameplay content, such as saved games
- Customer support
- Other user content
- Browsing History
- Browsing history on the web
- Search History
- Search history within the app
- User ID
- Device ID
- Purchase history
- Usage Data
- Product interaction, such as clicks within the app
- Advertising data, such as which ads the user has seen
- Other usage data
- Crash data, such as crash logs
- Performance data
- Other diagnostic data
- Other Data
- Other data not mentioned in other categories
Further rules and exceptions
App developers must clarify for each of the data collected what the data will be used for. Apple lists examples such as third-party advertising, publisher advertising, analytics, personalisation, app functionality and other purposes.
Not all data collected needs to be disclosed. Apple makes an exception for when the user enters the data themselves, for example in a form. A strict requirement is that the data is not used for tracking users and is not disclosed to a third party. Also, this kind of data collection may not be used too often.
The new labels are in addition to other new privacy rules in the App Store. These state that users must actively give their permission to share data with third parties, as is the case with, for example, access to a device’s camera. Google and Facebook have fought hard against these rules, but it seems that they will have to accept them after all.