Starting in December, apps in Apple’s App Store will have to display privacy practices prior to download.
Apple announced that all apps available in its App Store will need to comply with a new privacy certification procedure. This requirement centers around adding a standardized privacy summary to the App description in the App Store.
The new disclosure requirement was first introduced at the Apple Worldwide Developer Conference in June. There, Erik Neuenschwander, Apple’s user privacy manager, described the new process to the nutritional labels on food.
“For food, you have nutrition labels; you can see if it’s packed with protein or loaded with sugar, or maybe both, all before you buy it,” he explained. “So we thought it would be great to have something similar for apps. We’re going to require each developer to self-report their practices.”
How developers can comply
Developers can create their privacy practice labels by answering a series of questions through App Store Connect. Apple provides guidelines in how to answer these questions, as follows:
- Developers must identify all of the data they or their third-party partners collect.
- The app’s privacy practices should follow the App Store Review Guidelines and all applicable laws.
- The developer is responsible for keeping their responses accurate and up to date.
- If the developer’s practices change, they must update their responses in App Store Connect.
The disclosure is optional only if the data collected by the app is not used for tracking, for advertising or advertising measurement purposes. The data may not be shared with a data broker or used for Third-Party Advertising.
The app’s data collection must also be infrequent and unrelated to the app’s primary function. The data collection must be optional and the user must choose to provide the data in conjunction with clear disclosure.
If all these conditions are not met, then developers must disclose the use of the used information. This includes contact information, health and financial data, location data, user content, browsing history, search history, identifiers, usage data, diagnostics, etc.
The new privacy labeling requirements take effect on 8 December 2020.