In the past, we have recommended that all mobile app operators have a privacy policy that is readily available to consumers. Apple is now taking this advice one step further and requiring that all new apps, and any updates to pre-existing apps, provide the app’s privacy policy in the app’s metadata. The new app privacy policy rules will be implemented on October 3, 2018, and are most likely a response to Europe’s new General Data Protection Regulation (“GDPR”).

What should App Privacy Policies include?

Mobile App Privacy Policy Data Collection

If a mobile app collects any user personal information, the app provider is required by applicable law to have an associated privacy policy that discloses: 1) what personal information is collected by the app; 2) what control the consumer has over how this personal information is used; 3) what access the consumer has to, and her/his ability to edit/delete, this information, if necessary; 4) how the personal information is stored and protected; and 5) what will occur if there is a data breach.

Additionally, if a mobile app collects personal information from citizens of the European Union (“EU”), app providers will have to ensure that they are compliant with the GDPR. The EU enacted the GDPR to better promote transparency and accountability when it comes to personal data collection, storage and use. One of our previous blogs provided tips for GDPR-compliant privacy policies, among them that companies (including app providers) must have a lawful basis for processing personal data, must provide contact information for data controllers and data processors, and must inform users of their right to be forgotten.

Compliance with Apple’s New App Privacy Policy Rule

Previously, the App Store required privacy policies only for subscription-based apps. The new requirement extends to all apps that are available through the store, including apps which do not connect to the Internet after installation. Now, for apps used on an iPhone or iPad, a link to the privacy policy must be included in the app metadata so that the policy will appear in a browser on the app developer’s site. For apps appearing on tvOS, where there is no web browser, developers are required to provide their privacy policy in a text box that can be displayed on Apple TV. In addition, any embedded third-party software within the app must comply with the parent app’s privacy policy.

Crafting an All-Encompassing App Privacy Policy

In recent months, data protection has been on everyone’s mind. When done incorrectly, data protection can have traumatic effects on consumer trust. Consulting with a consumer privacy attorney for purposes of constructing an app privacy policy that is specific to a business’s needs is an effective way to protect against future litigation.