Skip to main content

Solving Apple’s New App Privacy Requirement

By October 16, 2020November 16th, 2020Insights

Starting December 8, 2020, Apple will require developers to provide extensive, granular information about their app’s privacy practices, such as the type of data collected from users, third party data usage, and specific purpose of collection. Presumably, the failure to disclose this detailed information to Apple will get new apps and updates to existing apps blocked from the app store. (See NT Analyzer is equipped to provide organizations with a digestible and readily available report to meet this requirement.

Here’s specifically what Apple says:

Later this year, the App Store will help users understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types the app may collect, and whether that data is linked to them or used to track them. You’ll need to provide information about your app’s privacy practices, including the practices of third-party partners whose code you integrate into your app, in App Store Connect starting this fall.

These requirements include, among other things:

  1. Answering app privacy questions: “You should identify all possible data collections and uses, even if certain data will be collected and used only in limited situations.”
  2. Data collection: “You’ll need to know the types of data that you and/or your third-party partners collect from your app before answering the questions in App Store Connect.”Apple provides a list of data, which includes not only traditional identifiers like email address, financial info, and name, but also: (i) precise and coarse location, (ii) user ID, (iii) device ID, (iv) advertising data, and (v) “any other data types not mentioned.”
  3. Data use: “You should have a clear understanding of how each data type is used by you and your third-party partners,” including: (i) third-party advertising, (ii) analytics, and (iii) app functionality.
  4. Data linked to the user: “You’ll need to identify whether each data type is linked to a user’s account, device, or identity by you and/or your third-party partners.”According to Apple, this notably includes, “‘Personal Information’ and ‘Personal Data,’ as defined under relevant privacy law” – i.e., CCPA and GDPR, respectively.
  5. Tracking: “You’ll need to understand whether you and/or your third-party partners use data from your app to track users and, if so, which data is used for this purpose” such as, “[d]isplaying targeted advertisements in your app based on user data collected from apps and websites owned by other companies.”

Product Note: Granular data detection and third party identification is what NT Analyzer does best. And it produces an easily digestible, verified report that includes a full range of data collected from users and transmitted to third parties, enabling organizations to meet Apple’s privacy disclosure requirements. The report includes, among other things, traditional identifiers such as name and email address, as well as location data, tracking IDs, technical IDs, advertising IDs, device IDs, and the identification of relevant third parties.

The NT Analyzer tool suite also identifies client-side privacy/security events and maps those technical events to legal compliance baselines, and includes recommendations and mitigations regarding the same.

Reach out today for a demo of NT Analyzer to learn how your organization can meet its data protection and privacy compliance needs, especially in a time when big B2C companies continue to change the landscape in an ever-growing privacy-conscious world.

Steven Roosa

Author Steven Roosa

Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.

More posts by Steven Roosa