June 19, 2018
Two weeks ago, Apple Inc. (“Apple”) attempted to quietly change its app data collection rules in its App Store to restrict how app developers use, transmit, share, and even sell iPhone owners’ personal information. In a regulatory and societal climate of increased concerns over the privacy and security of personal data, Apple tightened its app data collection rules in order to provide users with a greater ability to control their personal data in the App Store marketplace.
What do Apple’s changes entail?
The influence of the General Data Protection Regulation (“GDPR”)—recently enacted in the European Union (“EU”)—is clearly having an impact in the United States, as domestic companies revise their personal data collection, use, sharing, and storage policies—regardless of location. In fact, the State of California has proposed the California Consumer Privacy Act, reflecting many of the core data protections contained in the GDPR, in particular, providing consumers with better control and access to their data.
On its own volition, Apple revised its App Store Review Guidelines to prevent app developers from engaging in certain app data collection activities in the future. Importantly, and irrespective of whether app developers obtain consent from iPhone owners, app developers are now prohibited from: (1) building a database of iPhone owners’ digital address books; and (2) sharing databases with third parties and/or selling that information. Further, app developers are restricted from collecting and sharing personal data without permission from users and “must provide [users] access to information about how and where the data will be used.” In addition, the new app data rules prevent app developers from:
- using consent to access data—such as an address book—for one purpose, only to be used for another purpose without obtaining additional consent;
- sharing data with third parties, unless the data is used to improve the app or for advertising purposes;
- collecting information regarding other apps that are installed on a user’s device;
- sharing with third parties any data collected from Apple Pay for any purpose other than to “facilitate or improve delivery of goods and services;” and
- contacting people using information collected from a user’s contacts unless the user explicitly consents, on an individualized basis, and the developer provides a clear description of how the message will appear and who the message is from.
Apple’s new app data collection rules appear to align with Apple’s stated philosophy to forgo the monetization of customer data.
Repercussions for App Data Collection Rule Breakers
For those app developers who disregard Apple’s new rules, they run the risk of being: (1) banned from the App Store; (2) sued by Apple for violating its rules; or (3) sued by the individual whose information was improperly obtained. Given the new restrictive App Store rules, mobile app operators should review their app data collection policies and be sure to keep records of consent from their users.
If you are interested in learning more about this topic or need assistance with Apple’s new app data protection policy, please e-mail us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Related Blog Posts: