Changes Made to the Apple App Store Privacy Policy Following GDPR Introduction

Starting October 3, 2018, the Apple App Store will implement a new privacy policy rule that will require app developers to disclose to users how their personal data is used, protected and shared. This privacy policy for apps is necessary before developers can distribute apps through the App Store or through TestFlight external testing.

Though Apple mentioned on the App Store Connect announcement page that the new European Union General Data Protection Regulation (GDPR) did not influence this policy change, the amendments appear to reflect GDPR requirements.

The GDPR is legislation drawn up to protect private personal data and started to be enforced on May 25, 2018. The law covers all organisations that do business in Europe or with European residents.

According to the new App Store rule, developers need to have a privacy policy for all new apps and updates prior to distribution. It is not just a case of altering privacy policies for apps approved for distribution, because Apple stated that privacy policy changes will just be possible when a new version of an app is released.

There have also been several other changes to privacy policy requirements:

  • The privacy policy should be accessible within the app
  • The privacy policy should tell users which information is collected by the app and how it is used
  • There must be a list of third parties with whom the collected data is shared. The list should include advertising networks, analytics tools, and third-party SDKs if used
  • The third parties are required to adhere to the new policy as well
  • The app must provide users with access to data retention and deletion policies, including the information users need in case they want to revoke their consent or request the removal of their data.

The announcement about these changes was made just a few weeks prior to the yearly Apple iPhone announcements. Most likely, there will be other changes made to ensure compliance with GDPR.