Skip to main content

Google’s Data Safety Form: Timeline Extended and Key Considerations

By and February 28, 2022Insights

Google recently announced several key changes to the upcoming “Data safety form” for Google Play, including:

  1. Required Timeline Extended to Submit Data safety form: Google extended the deadline from April 2022 to July 2022. Specifically, according to Google:
    • July 20, 2022: All new apps and updates to existing apps must include a Data safety form. If an app fails to do so, then: (1) new app submissions and app updates will not be published; (2) the app’s Data safety section will say, “No data available” and (3) the developer will receive an email noting that there are issues that need to be addressed.
    • After July 20, 2022: Google may bring additional enforcement action against the developer in the future, such as removing the app from the Google Play store.
  2. Data Type Updates:
    • “Personal identifiers” was renamed to “User IDs.”
    • “Credit card,  debit card, or bank account number” was renamed to “user payment info.”
    • “User Salary or debts” was listed as an example of “Other financial info.”
    • “Page views and taps in app” was renamed to “App interactions” and includes the number of times a user visits a page or taps a section.
  3. FAQs Updates:
    • Additional FAQ topics were added to cover off “account management, user-initiated actions, use of payment platforms, and encryption.”

For a full list of the changes, please visit Google’s “Change Log” at the bottom of this link here.

Don’t Just Repurpose iOS Labels:

As a reminder, organizations should be wary of simply repurposing their iOS nutrition labels for their Data safety form. While the iOS labels may provide a starting baseline, Android and iOS apps behave differently and there are several key distinctions between what the Data safety form and iOS nutrition labels require.

In fact, Google states, “The Data safety form will ask for additional and different information that you may not have used previously, so we want you to expect that this will still take effort for your team. The taxonomy and framework of the Data safety section on Google Play may differ materially from those used in other app stores.”

Next Steps for Organizations – Aligning Public Facing Disclosures:

Legal and development teams should continue to work together to align the Data safety form and iOS nutrition labels with other public-facing disclosures, such as the organization’s privacy policy. Specifically, it is important both the legal and dev teams collaborate to understand and accurately represent how their apps are behaving. This is especially true considering the dev team typically publishes the mobile app store disclosures, and the legal team typically drafts the privacy policy.

With NT Analyzer’s downloadable report and designated module for Android (similar to the designated iOS module for iOS apps), the dev and legal teams will have the information they need to meet their Data safety form requirements and make accurate disclosures and representations about their apps. The report includes, but is not limited to:

  • Identifying all parties collecting data (as well as which SDKs are integrated into the app);
  • Identifying all data types, including personal information/data (at both a technical – e.g., hashed, encoded, fingerprinting, GAID, etc. – and traditional level); and
  • Determining how each data type is used (e.g., App Functionality and/or Personalization).

Ask us today how we can help your organization prepare for the Data safety form and how NT Analyzer can help.

 

Special thanks to law clerk Nicole Sakin for her assistance in the preparation of this content.

Steven Roosa

Author Steven Roosa

Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.

More posts by Steven Roosa
Steven Roosa

Author Daniel Rosenzweig

Daniel B. Rosenzweig is a lawyer in Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity practice group in the New York office. Daniel is part of the core team that oversees NT Analyzer to help clients navigate the complex data protection and privacy landscape.

More posts by Daniel Rosenzweig