This article is more than 1 year old
Apple to require privacy policy on all apps
October iOS change reflects broader societal shift
Apple will require all apps developers to include a privacy policy that outlines what they will do with their users' data, starting October 3.
The new policy was announced this week on the company's developer forum and will affect all apps, including those under testing. As well as requiring a policy to exist, Apple also notes that a link to that policy can only be edited with a new version of an app.
Although Apple does not mandate what a privacy policy must say, it does have a set of privacy best practices and has a list of requirements for such a policy. They include identifying what data an app collects, how and what all the uses of that data are. Plus an app has to describe how a user can revoke consent or request deletion of their data.
Apple also requires app developers to confirm that third parties that they share data with will provide "the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines." And it has limits on what an app is allowed to do.
That still leaves plenty of leeway for app developers to potentially misuse user data by simply declaring what they will do in their privacy policy. But the fact that Apple will only allow a link to a privacy policy to be changed with a software update does suggest that the company will be checking privacy policies for compliance as part of the authorization process.
Times a changin'
The change comes as a fundamental societal shift in privacy is taking place. Earlier this year, the European GDPR privacy legislation came into effect, giving users much greater say over what is done with their data. And California has passed similar privacy legislation that will take effect in 2020 – rules that tech companies are furiously trying to rewrite before it becomes locked down.
This is also the year that Facebook was embroiled in a privacy controversy over the data-sucking of Cambridge Analytica, which used a Facebook app to pull in personal details of millions of individuals who never installed the app but were simply connected to people that did.
Unlike Facebook, Apple has taken a consistent pro-privacy approach in recent years, not least in its fight with law enforcement over automatic encryption of user devices.
It has also signaled that it is prepared to act against app developers that break its privacy policies. Earlier this month, it booted Facebook-owned VPN app Onavo off the App Store for collecting information on other apps installed on a user's device.
In short, the world's most valuable company has made it plain that user privacy is something that it takes seriously. ®
Biting the hand that feeds IT
