During its annual Worldwide Developers Conference this summer, Apple announced a handful of new consumer-oriented privacy features coming to its software and devices. One feature will require app publishers to disclose information regarding their apps’ data collection and use practices in what some are referring to as a privacy “nutrition label.” Another significant privacy feature will require businesses to assess whether they are “tracking” users of their apps and, if so, obtain opt-in consent from users to continue the practice.
Privacy Nutrition Labels
On November 5, 2020, Apple announced that the privacy nutrition label requirement will apply to new apps and updates submitted on or after December 8, 2020. Starting December 8, all new apps and app updates must include the following information before they can be published in the App Store:
- Which of Apple’s 14 predetermined types of data you collect (Contact Info, Health and Fitness, Financial Info, Location, Sensitive Info, Contacts, User Content, Browsing History, Search History, Identifiers, Purchases, Usage Data, Diagnostics, and Other Data).
- Which of Apple’s six predetermined purpose(s) for collecting data describe your purposes for collecting each type of data you collect (Third-Party Advertising, Developer’s Advertising or Marketing, Analytics, Product Personalization, App Functionality, and Other Purposes).
- Which of the types of data you collect are “linked” to the user’s identity (linked is not defined, but Apple says that data considered personal data or personal information under “relevant privacy laws” are considered linked to the user’s identity).
- Which of the types of data you collect are used for “tracking” the user (Apple defines tracking as “linking data collected from your app about a particular end-user or device, such as a user ID, device ID, or profile, with Third-Party Data for targeted advertising or advertising measurement purposes, or sharing data collected from your app about a particular end-user or device with a data broker”).
This information will then be compiled by Apple and presented on the app’s App Store page in Apple’s standardized privacy nutrition label format.
For apps currently available in the App Store, there is no need to provide a new privacy disclosure until developers submit an update to that app. To help companies prepare for these detailed disclosure requirements, Apple has released guidance explaining exactly what information will be required and how to enter that information when submitting a new or updated app. On November 24, 2020, Apple posted a reminder of the coming changes on its developer website.
User Consent for Tracking
Although initially intended to launch in fall 2020 alongside its iOS 14 operating system, Apple announced in September that it would wait until 2021 to begin requiring apps to obtain opt-in consent from the user in order to track the user or access the device’s advertising identifier. Apple published a letter on November 19, 2020, reaffirming its commitment to implementing these requirements in the future, but there is still no set date for when the requirements will take effect. Information regarding Apple’s current definition of tracking and associated requirements can be found here.