
How Do the New Apple App Store Privacy Requirements Affect My Company?

With the new iOS 14 update, Apple now requires developers to provide information about their privacy practices when submitting new apps and app updates to the Apple App Store, subject to certain exceptions.

What does this mean for my app? 

While some of Apple’s requirements may not be completely new for companies (such as providing a privacy notice URL for your app), others involve providing granular detail about your data collection and sharing practices.

To meet Apple’s new App Store privacy requirements, your company will need to:

  1. Identify all data that your company and third-party partners collect; and 

  2. Determine whether your company is required to disclose the data collected. 

What do we need to understand about our data? 

To meet these new requirements, you need to identify: 

  • The types of data your company collects from users; 

  • How your company uses that data (the purposes for data use); and  

  • Whether each data type is linked to a user’s identity (e.g., through the user’s account, device, or other details), by your company or your third-party partners.

To learn more about the detail your company must provide about each of the above items, check out our next “Apple App Store Privacy Requirements” series blog post.  

What happens if we don’t meet the new App Store Privacy Requirements?  

Apple will not remove an app from the store if you don’t provide the information described above – but it will require you to update this information before updating the app or uploading a new app to the App Store.  

How can we figure out what we need to disclose to Apple? 

Your company does not need to disclose information about the data collected by your app if you meet all of the following criteria:

  • The data is not used for tracking purposes; 

  • The data is not used for third-party advertising or your own advertising and marketing purposes; 

  • The data collection is optional (i.e., not part of your app’s primary function) and only occurs in infrequent cases; and 

  • It is clear to the user what data elements are being collected, the user’s name or account name is prominently displayed on the submission form, and the user affirmatively chooses to provide the data for each collection point. 

You must complete this analysis for each data type your app collects. If the data type only meets some, but not all, of the criteria listed above, you are required to disclose the collection of that data type. 

What are my next steps? 

Your company needs to: 

  1. Build or update your company’s Data Inventory, especially for data collected by your app; and 

  2. Complete an analysis of whether the data types collected by your app require disclosure to Apple.

Conducting a thorough Data Inventory is critical to understanding how your company collects and uses information. For the purposes of complying with Apple’s App Store privacy requirements, your company may not need to update or build a company-wide Data Inventory, but the inventory should at least cover the data collected by your app.

Information from your company’s Data Inventory can then be used to complete an analysis of which types of data require disclosure to Apple. 

How can Aleada help? 

Schedule a free 30-minute consultation with us to discuss how Aleada can help your company comply with these Apple App Store privacy requirements. Contact us at [email protected] 

*** This is a Security Bloggers Network syndicated blog from "Ask Aleada" Blog - Aleada Consulting authored by "Ask Aleada" Blog - Aleada Consulting. Read the original post at: https://www.aleada.co/ask-aleada-blog/2021/2/22/how-do-the-new-apple-app-store-privacy-requirements-affect-my-company