From December 8, 2020, developers must indicate the kinds of data they collect and how they use it on the product page in the App Store
What’s happening: Developers around the world since the beginning of the summer of 2020 are freaking out because of Apple’s plans to turn off the IDFA, identifier for advertisers which allows for more effective targeting. Disabling the IDFA means that developers will need to obtain user consent to collect data to customize advertising (it is automatic as of now). The reason for the changes is user privacy concerns.
The developers expected IDFA to be disabled with the release of iOS 14, but Apple announced that it had decided to postpone it until early 2021. The market breathed a sigh of relief — the company has just published new privacy requirements on the developer page. It will force mobile developers to make drastic changes within a month.
Adsider has prepared a brief description of what developers will have to report from December 8, 2020.
Developers must answer a series of questions in the App Store Connect and indicate exactly what types of data they collect.
Apple offers the following classification:
– health and fitness;
– financial data;
– sensitive information (religious views, sexual orientation, etc.);
– user content (photos, videos, posts on social networks);
– search history;
– data by which the user can be identified;
– data on the use of the application;
– application diagnostics;
– other data.
If you collect at least one type of information, you will need to indicate this on the product page and update the data in a timely manner if the situation changes.
Use of data
Simply specifying what data you are collecting is not enough. It is necessary to report on their use:
– for third-party advertising;
– for advertising or marketing solely for the purposes of the developer;
– for analytics;
– to personalize the product;
– to improve the functionality of the application;
– other purposes.
Too personal data
You’ll need to determine if you can identify the user by the data you collect (through their account, device, or other details). The data collected in the program often makes it possible to “find” the user if you do not install special privacy protections for anonymization, including deleting data of any direct identifiers, such as user ID or name.
Developers are prohibited from:
– try to link the collected data to the user’s identity;
– link the received information to other data sets that allow to identify the user.
Here, developers will need to determine whether they or their partners are using application data to track users and, if so, which ones.
Tracking means linking data collected in an application, such as a user ID, device ID, or profile, to third-party data for targeted advertising or ad measurement, or exchanging data collected in an application about a user or device with third parties.
Examples of tracking include:
– Show targeted ads in your app based on user data collected from apps and websites owned by other companies.
– exchange device location data or e-mail lists with third parties;
– providing a database of e-mails, advertising identifiers or other identifiers to a third-party advertising network that uses this information to target these users in third-party applications or to search for similar users;
– Placing a third-party SDK in your application that combines user data with user data from third-party applications to target advertising or measure advertising performance, even if you do not use the SDK for this purpose.
Not considered tracking:
– if the data is stored exclusively on the end user’s device and is not transmitted elsewhere;
– if the data broker uses the data provided solely to detect or prevent fraud or for security purposes and solely on your behalf.
It is not necessary to disclose data collection if:
– data are not used for tracking, ie not related to the measurement for advertising purposes and are not transmitted to intermediaries;
– the data is not used for third-party advertising, your advertising or marketing purposes;
– data collection occurs only in rare cases, is not the main function of your application and is optional for the user;
– the data is provided by the user in the interface of your program, the user understands what data is collected, the username or account is in a prominent place, and the user always decides whether to provide their data for collection.
Read more about how Ukrainian mobile developers are preparing for the new rules in the article.