In addition, app stores are requiring apps to have Privacy Policies before they can be distributed through the stores.
What kinds of information are deemed "personal?" Any information that could be used to identify someone.
A few examples include:
- Billing or shipping address
- First name and family name
- IP address
- Email address
- Credit card details
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- 1. Regulations Governing Privacy Policies
- 3.1. From the Windows App Developer Agreement
- 3.2. From Google Play's Developer Policy Center
- 3.3. From the Apple App Store Review Guidelines
Regulations Governing Privacy Policies
A number of major, overarching privacy regulations have been made law in the last few years, and they're not restricted to single nations. One of these regulations covers 28 countries, some apply to two or three countries, and one was developed by one state (California) but manages to apply to the entire USA.
The most significant regulation is the EU's (European Union's) General Data Protection Regulation (GDPR), which came into effect in May of 2018 and quite rigorously secures the confidentiality of the personal information of all those in the 28 EU countries. It's 88 pages long and goes further than any other regulation to establish a safe online environment for consumers.
Australia's Privacy Act of 1988 was drafted before information technology was a major threat to personal privacy. However, its principles still apply today and the letter of the law has been updated to reflect current conditions.
CalOPPA in the United States is a regulation created by California which now serves as a privacy regulation for the whole country.
The Student Online Protection Act (SOPIPA) is a regulation protecting student data from third-party vendors (e.g. businesses that scan emails to collect information in aid of marketing initiatives). Since vendors often use mobile phone apps to scan the contents of smartphones, app developers are now required to strictly adhere to their own conspicuously placed Privacy Policies.
If your app targets users under the age of 13, COPPA (Children's Online Privacy Protection Act) requires that only certain information be collected from children, and with parental consent. An app developer would have to find a reliable means of verifying parental consent.
- Be easy to understand
- Be conspicuously posted
- Clearly inform consumers of what information you collect, why you collect it, what you plan to do with it, and with whom you may share it
App stores have to be careful about the apps they allow to carry their brand, as indiscretions can destroy their reputation. At the same time they are legally required to demand compliance from every app developer they represent.
Here are a few examples of what the major app stores demand from developers.
From the Windows App Developer Agreement
- Your app accesses, collects or transmits any personal information either for you or for a third party,
- You choose to receive App Analytics and Error Reporting Data with your app, or
- You are required by law.
From Google Play's Developer Policy Center
Google requires that app owners be transparent in how they handle user data by disclosing the collection, use and sharing of data:
From the Apple App Store Review Guidelines
Apple uses best practices by demanding the developer ensure that any third party having access to personal data from the app will exercise the same or an equal level of privacy protection.
Apps that utilize iOS platforms such as Healthkit and Homekit, which access and use sensitive personal information, may have further requirements.
Embedded in the "legal" or "about" menu within the app
Embedded in the screen where you log in or register
If it's an ecommerce app, during checkout
Hosted on your website, preferably in the footer of each page
Some things to remember:
- Know the legal regulations that specifically protect the privacy of your potential customers, wherever they may be located
- Know the requirements of the app stores where your app will be listed
- Know the requirements of any third party tools your app uses