How Complying with the Apple App Store Privacy Requirements Can Fit into Your Company’s Overall Privacy Compliance Program

With the new iOS 14 update, Apple now requires developers to provide information about their privacy practices when submitting new apps and app updates to the Apple App Store, subject to certain exceptions.

How does my company comply with Apple App Store privacy requirements? 

To meet Apple’s new App Store privacy requirements, your company will need to:

  • Identify all data that your company and third-party partners collect; and 

  • Determine whether your company is required to disclose the data collected. 

For an overview on how to comply with Apple App Store privacy requirements, read the first post in our “Apple App Store Privacy Requirements” series.

What are my company’s next compliance steps? 

Your company needs to: 

  • Build or update your company’s Data Inventory, especially for data collected by your app; and 

  • Complete analysis of whether the data types collected by your app require disclosure to Apple. 

To comply with Apple App Store privacy requirements, your company may not need to update or build a company-wide Data Inventory, but the inventory should at least cover the data collected by your app.

To learn more about the detail your company must provide about each of the above items, check out the second blog post in our “Apple App Store Privacy Requirements” series.

How does complying with the App Store privacy requirements fit into my company’s overall privacy compliance program? 

Although Apple’s App Store privacy requirements are new, companies subject to privacy regulations, such as the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), may already have information about their data collection and use practices readily available and documented as part of their overall privacy compliance program.

Build or Update Your Company’s Data Inventory  

If your company has not already built a Data Inventory or updated its existing one, complying with the Apple App Store privacy requirements is a great reason to complete this task.

A Data Inventory serves many purposes within an organization beyond just meeting regulatory requirements. Compiling a Data Inventory is the first step to understanding the detailed information a company collects, uses, and shares. For example, the Data Inventory provides a foundation for your external privacy notices or disclosures and is an essential part of maintaining data quality and responding to consumer or data subject requests.

Completing a Data Inventory will help your company meet the Apple App Store privacy requirements by identifying: 

  1. The types of data your company collects from users;

  2. How your company uses that data (the purposes for data use); and 

  3. Whether each data type is linked to a user’s identity (e.g., through the user’s account, device, or other details), by your company or your third-party partners.

Information from your company’s Data Inventory can then be used to analyze which types of data require disclosure under Apple’s guidelines.

Update Your Company’s Privacy Notice 

The App Store requires your company to add the URL of your publicly accessible privacy notice on your app’s product page. The information gathered for a Data Inventory supports statements made in your company’s privacy notice about what information your company or app collects from users and how your app collects, uses, shares, and stores user information. 

Privacy Compliance Roadmap 

The information-gathering stage of building or updating a Data Inventory helps identify gaps in your privacy compliance program. Based on your company’s size, risk appetite, and industry best practices, creating a prioritized list of remediation activities with a timeline will help meet privacy priorities consistent with your company’s business objectives.

Privacy as a Competitive Advantage  

Privacy continues to dominate discussions across technology-based industries, and consumers are more educated about their rights than ever. Users’ app downloads are increasingly based on company transparency, and privacy is a competitive advantage (e.g., see the move many made from Facebook’s WhatsApp to Signal).

How can Aleada help? 

Schedule a free 30-minute consultation with Aleada to discuss how we can help your company with privacy compliance. Contact us at [email protected].  

*** This is a Security Bloggers Network syndicated blog from "Ask Aleada" Blog - Aleada Consulting authored by "Ask Aleada" Blog - Aleada Consulting. Read the original post at: https://www.aleada.co/ask-aleada-blog/2021/5/6/how-complying-with-the-apple-app-store-privacy-requirements-can-fit-into-your-companys-overall-privacy-compliance-program-bay7f