By: Talia Boiangin, J.D., CIPP/US
In June 2020, during its annual Worldwide Developers Conference (WWDC), Apple announced major changes to increase privacy for its users. Mobile app developers, as well as Mac developers, will have to evaluate and disclose their data collection policies to avoid intense scrutiny from Big Brother’s biggest rival. Apple delayed enforcement of one requirement that allows users to opt out of tracking by apps until “early next year.” Although this change will be huge for users, Apple has recently come under fire by privacy activist Max Schrem, who claims that the company itself is violating EU law by tracking users without their consent. Apple denies the allegations and is proceeding forward with requiring app privacy details from App Store developers starting December 8, 2020.
The amount of information required could prove difficult and time-consuming to companies without in-house legal counsel. Without a good understanding of what disclosures are required, such companies risk losing revenue. App developers will have to disclose all types of data that they and their third-party partners collect by answering questions on App Store Connect. The goal is to allow users to understand how mobile apps collect personal data. They must keep their responses accurate and up to date, which could prove burdensome for developers with a full suite of apps or a habit of shifting their business models. If the developer does not update its response, the app won’t be allowed in the iOS App Store or Mac App Store. This sounds more like a Big Brother persona than Big Brother’s rival, but Apple maintains that “our aim is to always protect the privacy of our users.” Hilary Wandall, TrustArc’s SVP, Privacy Intelligence and General Counsel says “Apple’s requirements should serve as the tipping point for making privacy nutrition labels mainstream. . . . These new requirements also raise the bar for app developers to know their data, data practices, and data sharing in order to update their apps or launch new ones starting December 8th.”
Apple does list four exceptions to mandatory disclosure of such collection practices:
1. The data is not used for tracking purposes, meaning the data is not linked with Third-Party Data for advertising or advertising measurement purposes, or shared with a data broker. For details, see the Tracking section.
2. The data is not used for Third-Party Advertising, your Advertising or Marketing purposes, or for Other Purposes, as those terms are defined in the Tracking section.
3. Collection of the data occurs only in infrequent cases that are not part of your app’s primary functionality, and which are optional for the user.
4. The data is provided by the user in your app’s interface, it is clear to the user what data is collected, the user’s name or account name is prominently displayed in the submission form alongside the other data elements being submitted, and the user affirmatively chooses to provide the data for collection each time.
This new disclosure requirement is a step up from Apple’s privacy notice requirement. This might be useful in more than one way: keep your app active on the most popular app store in the world, while also staying apprised of your company’s privacy practices and staying one step ahead of the ever-changing privacy landscape. If you have any questions or want to ensure your app doesn’t lose it place in the App Store, contact Lalchandani Simon PL at info@lslawpl.com or at 305-999-5291.