Changes Made to the Apple App Store Privacy Policy Following GDPR Introduction

Starting October 3, 2018, the Apple App Store will implement a new privacy policy rule that will require app developers to disclose to users how their personal data is used, protected and shared. A privacy policy will be required before developers can distribute apps through the App Store or through TestFlight external testing.

Though Apple mentioned on the App Store Connect announcement page that the new European Union General Data Protection Regulation (GDPR) did not influence this policy change, the amendments appear to reflect GDPR requirements.

The GDPR is legislation drawn up to protect personal data; enforcement began on May 25, 2018. The law covers all organisations that do business in Europe or with European residents.

According to the new App Store rule, developers need to have a privacy policy for all new apps and updates prior to distribution. Developers cannot simply alter the privacy policy of an app already approved for distribution, because Apple stated that privacy policy changes will only be possible when a new version of the app is released.

There have also been several other changes to privacy policy requirements:

  • The privacy policy should be accessible within the app
  • The privacy policy should tell users which information is collected by the app and how it is used
  • There must be a list of third parties with whom the collected data is shared. The list should include advertising networks, analytics tools, and third-party SDKs if used
  • The third parties are required to adhere to the new policy as well
  • The app must provide users with access to data retention and deletion policies, including the information users need in case they want to revoke their consent or request the removal of their data.

The announcement about these changes was made just a few weeks prior to the yearly Apple iPhone announcements. Most likely, there will be other changes made to ensure compliance with GDPR.



About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023.