While each country has its own definition and interpretation of privacy, it is widely considered a fundamental human right and, while the right to privacy is not absolute, its importance is not up for debate.
Every day, people share information about themselves online and leave traces. If you have developed a mobile app, you are most likely collecting personal information about the people who download it.
You may even be using that information for more than just its essential and functional purpose, in order to target your users with personalized advertising, for example.
What can be Considered Personal Information?
Generally, anything that could be used to identify an individual could be considered personal information. This may include names, addresses, dates of birth, IP addresses, geolocation, phone numbers, etc.
Required by Law
It is not because your company is based in a country without privacy laws that you can go without one: you need to consider where your current and potential app users are located.
This privacy notice must be brought to the attention of users so that they can give their express consent before any personal data is collected and it must contain specific elements in order to be found GDPR-compliant.
These two examples simply serve to demonstrate what some laws across the globe require but many other countries also have their own specific privacy legislation (Australia, for example, through its Privacy Act) - it is crucial that you make sure that you are complying with the sets of laws and regulations applicable to your mobile app.
Required by App Stores
Apple App Store
Apple has set out detailed guidelines to be followed by developers creating apps for its App Store, one of which serves to reiterate the importance of user privacy.
Apple also emphasizes that user consent for data collection must be obtained - the purpose of collection, as well as how and where it will be used, should be clear and users must be able to withdraw consent at any time.
In addition to the above, some apps may have additional requirements either due to their nature or their target users - apps in the health, fitness, and medical industries, or apps intended for kids, for example.
Google Play Store
If you intend on making your app available to Android users through the Google Play Store, you will have to comply with the Google Play Developer Distribution Agreement.
Google further reemphasizes this requirement in its Play Console Developer Program Policy Centre, giving examples of what it considers personal and sensitive user data:
Like Google and Apple, Amazon includes a Privacy clause in its Developer Services Agreement.
As you can see, this means that an app that has access to personal user data and is to be made available on the Amazon Appstore has to have a privacy notice and obtain consent from the end user regarding the collection, use, transfer, and storage of this information, in addition to respecting applicable laws.
Required by Third-Party Services
If you are using any third-party tools or services on your app, you should look at what their specific requirements are when it comes to privacy.
Think for example of the following third-party services that are commonly used in mobile applications:
- Google Analytics
- Google AdSense and AdMob
- And many more
While the requirements may vary depending on the app store on which your product is available as well as the applicable laws in the countries in which you operate, there are some generally-recognized essential elements that should be included.
Your customers need to know the type of data that you collect about them when downloading and using your app and how you collect that data.
You should therefore be clear and break down what information they will be sharing with you: names, emails, location tracking, etc.
You should explain to your users how you are collecting their data on account creation, when completing in-app purchases, in the background, through cookies in an in-app browser, etc. This will help build a relationship of trust and cultivate a culture of transparency.
Purpose & Sharing
You need to tell your users why you need that information and what you are going to do with it, as someone may feel comfortable sharing personal information with your company for the purpose of using your app but not to be retargeted with ads later on.
You should therefore specify the purpose of collection as well as the legal basis for processing under the GDPR (if applicable) and indicate if you will be sharing that data with any third parties (such as advertisers, payment processors, authentication software service providers, etc.). This will ensure that you have your users’ clear and informed consent.
Data Storage and Protection
Privacy is a legitimate concern and no one wants their personal information readily available to everyone on the Internet.
You should reassure your users and explain how and where the personal information collected will be securely stored. This includes mentioning if you will be transferring, storing, or processing data in another country. It is always a good idea to let your users know that you take data privacy seriously and that you have strong measures in place to protect their data (such as encryption, restricted access, etc.).
You should also specify how long you will be holding on to that information and explain the process that they can follow to request a copy of the data that you have about them and/or request deletion.
Opting Out of Data Collection
Your users should know that they have data protection rights under applicable laws, as well as the right to opt out of data collection; you can also explain how opting out may affect their experience of your app.
Your users should be able to contact you easily should they have any questions or concerns regarding your data processing activities. It is good practice to include a contact form, email address, postal address, and phone number - this is also where you would include the contact information of your data protection officer under the GDPR.
Most apps have a Legal section under Settings where users can find a Privacy tab - you could display the full text of your policy directly under that section. This makes it easily accessible for your users and improves transparency.
Mobile Apps Privacy Policies Examples
Before even downloading the app on Apple’s App Store, potential users are warned that Spotify handles personal data and have the option to click on a hyperlink that leads to their website (that same hyperlink is also included in the app’s description).
They are then taken to the Privacy and Safety Center where Facebook, Instagram, and Messenger’s policy is consolidated. It notably goes through all the information that is collected by the three apps and addresses how it is shared with the user’s network, Facebook’s third-party partners, and within the Facebook group of companies.
Potential users have to actively click on those words to be served with a PDF document that holds the company’s data protection, privacy, and cookies policy.
All of the companies mentioned above link to their respective privacy policies in their website footer, to make it easily accessible to potential and existing customers.
As we have seen above, this is essential in order for you to be able to make your app available for download on the major app stores, such as the Apple App Store, Google Play Store, and the Amazon Appstore. Note that you don’t need a different policy to fit each app store’s requirements; instead, aim to have one that covers all eventualities.
- Updated on April 9, 2021