Skip to main content

iOS 15 Privacy Report Update: What it Means for App Owners

By , and January 19, 2022October 28th, 2022Insights

As we previously noted, iOS 15 rolled out several privacy-focused measures to users. For example, users may record their app activity and download a report on app metrics from the previous seven days, called the App Privacy Report. These metrics include, for example: 1) when apps access certain permissions on the device (e.g. microphone, location, camera, etc.) and 2) which domains the app directly contacts.

Initially, this report was only downloadable in a JSON file, which can be difficult to parse. With the recent release of iOS 15.2, users can now also view the report directly on the device in a more readable format.

What’s New

With this new feature, however, companies should consider refraining from relying on the App Privacy Report for their legal compliance efforts because it fails to include the most important piece needed for legal compliance – specifically, which data is being collected and shared.

As a reminder, relevant legal obligations regarding privacy law typically require organizations to:

  • Know which third parties receive consumer data (and the type of data) from consumer-facing interfaces (e.g., CCPA; GDPR),
  • Accurately disclose data practices, and
  • Process and respond to DSARs (e.g., CCPA).

While the App Privacy Report may provide understanding to a casual user, reliance on the report to meet the above requirements will not be enough to give an organization a complete picture of how their app collects and/or shares data, including personal information as defined by applicable law.

Additionally, the App Privacy Report may not include all of the third parties who are contacted by the app.

NT Analyzer, in contrast, catalogs all the data, including personal information, that an app collects and/or shares.

As a reminder, come April 2022, Google will be releasing its own privacy requirements as we previously discussed. Contact us today for more information on how NT Analyzer can help with your privacy compliance efforts.

Steven Roosa

Author Steven Roosa

Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.

More posts by Steven Roosa
Steven Roosa

Author Daniel Rosenzweig

Daniel B. Rosenzweig is a lawyer in Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity practice group in the New York office. Daniel is part of the core team that oversees NT Analyzer to help clients navigate the complex data protection and privacy landscape.

More posts by Daniel Rosenzweig
Steven Roosa

Author Nicole Sakin

Nicole Sakin is an associate in Norton Rose Fulbright's Information Governance, Privacy and Cybersecurity practice group in the Washington, DC office. Nicole advises clients on compliance with data protection and privacy laws, including COPPA, GLBA, HIPAA, TCPA, VPPA, FTC Act, and CCPA/CPRA and other state privacy laws. Nicole has experience with drafting applicable disclosures, privacy policies, and operational controls, as well as advising clients on building and implementing their privacy compliance programs across all stages of the development lifecycle. She also assists clients with drafting and interpreting technology-related contracts, including insertion orders, service provider addendums, and data protection agreements/addendums.

More posts by Nicole Sakin