As we previously noted, iOS 15 rolled out several privacy-focused measures to users. For example, users may record their app activity and download a report on app metrics from the previous seven days, called the App Privacy Report. These metrics include, for example: 1) when apps access certain permissions on the device (e.g. microphone, location, camera, etc.) and 2) which domains the app directly contacts.
Initially, this report was only downloadable in a JSON file, which can be difficult to parse. With the recent release of iOS 15.2, users can now also view the report directly on the device in a more readable format.
With this new feature, however, companies should consider refraining from relying on the App Privacy Report for their legal compliance efforts because it fails to include the most important piece needed for legal compliance – specifically, which data is being collected and shared.
As a reminder, relevant legal obligations regarding privacy law typically require organizations to:
- Know which third parties receive consumer data (and the type of data) from consumer-facing interfaces (e.g., CCPA; GDPR),
- Accurately disclose data practices, and
- Process and respond to DSARs (e.g., CCPA).
While the App Privacy Report may provide understanding to a casual user, reliance on the report to meet the above requirements will not be enough to give an organization a complete picture of how their app collects and/or shares data, including personal information as defined by applicable law.
Additionally, the App Privacy Report may not include all of the third parties who are contacted by the app.
NT Analyzer, in contrast, catalogs all the data, including personal information, that an app collects and/or shares.
As a reminder, come April 2022, Google will be releasing its own privacy requirements as we previously discussed. Contact us today for more information on how NT Analyzer can help with your privacy compliance efforts.
Special thanks to law clerk Nicole Sakin for her assistance in the preparation of this content.