Apple App Store Privacy Policy to be Updated Following Introduction of GDPR

From October 3, Apple App Store rules will oblige developers will have to disclose how users’ personal data is used, safeguarded and shared under a new privacy policy.

In the release posted on the App Store Connect page to announce the new rules Apple did not refer to the new European Union General Data Protection Regulation as an influencing factor behind the changes. However, the amendments seem to mirror the requirements of GDPR.

Apple states: “Starting October 3, 2018, App Store Connect will require a privacy policy for all new apps and app updates in order to be submitted for distribution on the App Store or through TestFlight external testing”.

GDPR is a new data protection legislation, that was introduced on May 25 2018, which was drawn up to safeguard private personal data. The legislation applies to any organisation that does business in Europe.

As per the changes to the App Store privacy policy, developers will now have to submit a privacy policy for all new apps and app updates before they can be distributed. It will not be simply a case of changing the privacy policies once they have been approved for distribution as  Apple has revealed that changes to the policies will only be possible with the release of new versions of the app in question.

Other changes include:

  • Making the privacy policy must be openly available within the app.
  • The privacy policy must identify which data the app collects, how it is collected and used.
  • Any third parties that data is shared must be listed, including analytics tools, advertising networks, and third-party SDKs.
  • The third parties listed must also use the shared data in line with the new policy.
  • The app must also outline its data retention and deletion policies, as well as advising users how they can revoke consent or request their data be removed.

This announcement comes just weeks before the annual Apple iPhone announcements so it is likely that there will be more changes revealed to ensure that GDPR is not being breached.