Apple has recently launched an update to its App Store Privacy Labels guidelines to give developers more information on how to answer the questionnaire.
App Privacy Labels became publicly viewable to users with the 12/4/21 launch of iOS 14.3. Nicknamed “Privacy Nutrition Labels,” they allow users to get a simple overview of the data an app collects from them, how it is shared with third parties, and why it is shared.
Developers were told in late 2020 that all new apps and updates must include App Privacy Labels after December 8th. Across the Apple Developer forums and other communities, many developers expressed concern about how best to answer these newly required questions. Would filling them out “wrong” result in a penalty? Does this question or that question actually apply to me, or to my third-party SDK?
While Apple made efforts to have the App Privacy questionnaire flow as a series of simple questions to answer, these questions often brought up new ones. Fortunately, Apple has updated their documentation with this in mind to help developers more accurately fill out this newly required field.
Additional Guidance Available
Apple’s recent changes clarify some of the questions and edge cases inherent to the questionnaire. Clarification includes subjects such as:
More information about data types
More information about data collected in web views
More information about data entered into documents or other types of files
New information about banking, health and more
In case you haven’t read up on the App Privacy Labels documentation since right before it was required in early December, here are the key before & after changes to the page.
Recent Edits
Data Collection
Then:
You’ll need to know the types of data that you and/or your third-party partners collect from your app before answering the questions in App Store Connect. … If a data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in App Store Connect.
Now:
The purpose of the label is to help your customers understand what data is collected from your app and how it is used. To complete that, you’ll need to know the types of data that you and/or your third-party partners collect from your app before answering the questions in App Store Connect. Keep in mind that even if you collect the data for reasons other than analytics or advertising, it still needs to be declared. For example, if you collect data solely for the purpose of app functionality, declare the data on your label and indicate that it is only being used for that purpose. … Data types must meet all criteria in order to be considered optional for disclosure. If a data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in App Store Connect.
Types of Data: Gameplay Content
Then:
Gameplay Content: Such as user-generated content in-game
Now:
Gameplay Content: Such as saved games, multiplayer matching or gameplay logic, or user-generated content in-game
“Other User Content” clarification
Then:
Mark "Other User Content" to represent generic free form text fields and "Audio Data" for voice recordings. You’re not responsible for disclosing all possible data that users may manually enter in the app through free-form fields or voice recordings. However, if you ask a user to input a specific data type into a text field, such as their name or email, then you’ll need to disclose the specific type of data that you request.
Now:
Mark "Other User Content" to represent generic free form text fields and "Audio Data" for voice recordings. You’re not responsible for disclosing all possible data that users may manually enter in the app through free-form fields or voice recordings. However, if you ask a user to input a specific data type into a text field, such as their name or email, or if you have a feature that enables users to upload a particular media type, such as photos or videos, then you’ll need to disclose the specific type of data.
Recent Additions
Regulated Financial Services Disclosure
Data types that are collected by an app that facilitates regulated financial services and where the data collected meets all of the following criteria are optional to disclose:
Collection of the regulated data is in accordance with a legally required privacy notice under applicable financial services or data protection laws or regulations (e.g., GDPR or GLBA)
Collection by the app of that data occurs only in cases that are not part of your app’s primary functionality, and which are optional for the user.
Such notice provides that data is not shared with unaffiliated third parties to market other products and services.
Such data is not linked with third-party data for advertising purposes or shared with a data broker except for purposes of fraud detection or prevention or security purposes, or with a consumer reporting agency for credit reporting
Data types must meet all criteria in order to be considered optional for disclosure. If a data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in your privacy section.
Health Research Disclosure
Data types that are collected as part of a health research study and where the data collected meets all of the following criteria are optional to disclose:
The data is collected by an entity whose collection of the data is subject to an informed consent form (ICF) as part of a health research study that has been reviewed and approved by an institutional review board or ethics review board.
All such data collection must follow the relevant App Store Guidelines and the data may not be used for tracking purposes.
If the data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in your privacy section.
Web Views, IP Information and more - Additional guidance
Your app has web views. Data collected via web traffic must be declared, unless you are enabling the user to navigate the open web.
You collect and store IP address from your users. Declare the relevant data types based on how you use IP address, such as precise location, coarse location, device ID, or diagnostics.
You offer in-app private messaging between users that are not SMS text messages. Declare emails or text messages on your label. Text messages refer to both SMS and non-SMS messages.
Your app includes game saves, multiplayer matching, or gameplay logic. Declare Gameplay Content on your label.
Be sure to stay up to date on App Privacy Labels and other App Store Developer Guidelines. Keeping compliant could be the difference between getting a critical build rejected or approved.