How is the data being used?
Who is using the data?
In line with current and emerging privacy laws, apps should collect only the minimum data required for the relevant task. Minimizing gratuitous data collection is a key component of most privacy regimes at this time, and Apple’s new rules reflect this concern.
Consent to Collect Data Required
If your app collects data from users, the user must consent to this. Likewise, the app must include a mechanism for the user to withdraw their consent at a later time. Withdrawing consent must be easy to do and understandable for the average user.
The Right to be Forgotten
The right to be forgotten has become a buzz phrase in the privacy world with the advent of Europe’s GDPR. Users or consumers in Europe, and possibly soon in Canada as well, have the right to have their data deleted; this is what is referred to as “the right to be forgotten”. If you have users in the EU, this needs to be worked into the app’s policy as well. The policy needs to explain the data retention and deletion policies and describe how a user can revoke their consent.
Making sure your apps comply with these new policy requirements will not only allow you to avoid issues with Apple, but will go a long way to ensuring your app is in compliance with the law across multiple jurisdictions. It also helps create a relationship of trust between your company and its customers.
While it may be tempting to mine the data collected through your app, data collection has to be done carefully and with the consent of the users. Today’s privacy landscape goes a long way toward protecting consumers. If your policies run afoul of this new trend, you risk public condemnation and a loss of consumer confidence in your business model.
Whether you already have some iOS apps, or you’re considering building some, it’s important to talk with an expert in privacy and data management. This will ensure your plans and strategies are consistent with current and emerging policies.