In June, Apple held its annual Worldwide Developers Conference (WWDC20) in which the company announced, among other news, two major updates to its privacy guidelines:

  1. App Store product pages will feature a new privacy information section to help users understand an application’s privacy practices, and
  2. Apps will be required to receive user permission to track users across apps or websites owned by other companies, or to access the device’s advertising identifier.

App Privacy details on the App Store

Regarding the first announcement, Apple more recently informed app developers that they will need to provide information in App Store Connect about their app’s privacy practices, including the practices of third-party partners whose code is integrated into the app.

Based on app developers’ answers to a detailed set of questions about their apps’ data collection and use, Apple will add charted breakdowns of privacy practices to each app’s product page in the App Store.

Apple has indicated to app developers that they will be able to submit this information via App Store Connect and should prepare for the new privacy information feature to be rolled out to users by the end of 2020. App developers must also update their responses to these questions if privacy practices change.

Asking Permission to Track

Regarding the second announcement, Apple has indicated that with iOS 14, iPadOS 14, and tvOS 14, app developers will need to receive users’ permission through the AppTrackingTransparency framework to track them or access their device’s advertising identifier.

Apple outlines numerous examples of “tracking” that would each require user consent through the framework:

  • Displaying targeted ads in an app based on user data collected from third-party apps and websites;
  • Sharing device location data or email lists with a data broker;
  • Sharing a list of emails, advertising IDs, or other IDs with a third-party advertising network that uses that information to retarget those users in other developers’ apps or to find similar users; and
  • Placing a third-party SDK in an app that combines user data from the app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if the SDK is not used for those purposes.

Organisations that use the App Store to reach users will soon need to meet these new requirements introduced by Apple. Amongst the largest technology firms, Apple is the first to adopt robust privacy guidelines that align with GDPR and other privacy legislation. There is every indication that corporations will gradually follow the lead of national legislators and corporate leaders like Apple. For those organisations that want to stay ahead of the competition, the best approach would be to gain compliance early – and this can be achieved by contracting a Data Protection Officer like HewardMills.

Additional blog contributions: Peter Boaz, data protection and privacy consultant