Keypoint: App developers will need to navigate a new privacy questionnaire designed to provide users with an easy to understand presentation of an App’s privacy practices.
The privacy nutrition label is automatically generated based on a developer’s answers to a series of questions about the types of data the App collects (both first party and third-party collection), how each data type is used, whether the data is linked to the user, and whether the data is used for tracking purposes.
In the below post, we outline the four steps required by Apple.
Step 1: Identify Data Collected (including data collected by third-party partners)
The questionnaire covers fourteen categories of data: contact info, health and fitness, financial info, location, sensitive info, contacts, user content, browsing history, search history, identifiers, purchases, usage data, diagnostics, and other data. Many of those categories are broken down into specific data elements. For example, “contact info” contains the following data elements: name, email address, phone number, physical address, and other user contact info.
Apple makes it optional for businesses to disclose data that meets all of the following requirements:
- The data is not used for tracking purposes, meaning the data is not linked with third-party data for advertising or advertising measurement purposes, or shared with a data broker.
- The data is not used for third-party advertising, the business’s advertising or marketing purposes, or for other purposes (as defined by Apple).
- Collection of the data occurs only in infrequent cases that are not part of the App’s primary functionality, and which are optional for the user.
- The data is provided by the user in the App’s interface, it is clear to the user what data is collected, the user’s name or account name is prominently displayed in the submission form alongside the other data elements being submitted, and the user affirmatively chooses to provide the data for collection each time.
Step 2: For Each Data Element Collected, Disclose How It Is Used
With respect to data use, App developers will need to identify – on a data element by data element basis – whether the data is used for (1) third-party advertising, (2) the developer’s advertising or marketing, (3) analytics, (4) product personalization, (5) App functionality, and (6) other purposes.
Step 3: For Each Data Element Collected, Confirm If It Is Linked to the User’s Identity
Next, App developers must confirm whether each data element is linked to the user’s identity by the developer or any third-party partners. If the data element is covered as “personal information” and “personal data” under relevant privacy laws, Apple directs developers to answer this question in the affirmative.
Step 4: For Each Data Element Collected, Confirm If It Is Used for Tracking Purposes
Finally, App developers will need to confirm whether the data element is used by the developer or any third-party partners for tracking purposes. Apple defines “tracking” as “linking data collected from your app about a particular end-user or device, such as a user ID, device ID, or profile, with Third-Party Data for targeted advertising or advertising measurement purposes, or sharing data collected from your app about a particular end-user or device with a data broker.”