6 Things you Need to Know About Apple’s Privacy Questions Before Answering Them

One of the biggest headlines in the mobile marketing industry this year was Apple’s announcement that it was depreciating the IDFA (Identifier For Advertisers) as we know it. In fact, after WWDC 2020 it quickly became evident that Apple was serious about making data privacy a central tenet within the business. Apple also announced that as of December 8th, 2020 an app’s privacy practices must be published on App Store Connect when submitting new apps and app updates.

1. What are Apple’s Privacy Questions?

In a bid to push for increasing data transparency Apple are requiring that alongside the submission of new apps or app updates, businesses must provide information on the data types the app may collect and include whether that data is linked to users or used to track them. Your answers will be visible to the end-user and on the App Store listing. Users will be able to view an app’s privacy practices on the App Store before they decide to download the app on any Apple platform. 

It is already possible to enter your app’s privacy information in App Store Connect, however after December 8th it will become mandatory for all new apps and app updates.

2. What is Data Tracking?

We understand that attempting to define the data that is currently being tracked can be an arduous process. That is why we took a deeper look at how Apple defines ‘data tracking’.

Data tracking refers to data that has been collected from your app and is connected to a specific device or user, for instance linking the data to a device ID or profile. This data is then used either for targeted advertising, advertising measurement purposes or it is shared with a data broker.

3. A Practical Guide to Answering Apple’s Privacy Questions

When answering Apple’s questions, the first thing you will need to define is the different data types your app or third-party partners collect, for example User ID or phone numbers. You will then have to answer standardised questions for each data type. You will also need to have information on the development side too, including whether your team is tracking crashes or using phone numbers in the back-end. 

Most of the information required should already be disclosed in your privacy policy, which may be a helpful point of reference when filling out your answers. Some examples of questions you may be asked include:

  • Is the User ID linked to a particular identity?
  • Is the data collected a device level ID?
  • If you collect the user’s phone number, is it linked to a particular identity?

4. Data Privacy on the App Store

Data privacy is more than just the data your app collects. There are a few other factors you need to consider prior to answering the questions presented in App Store Connect:

  • You will need to identify all the data collected and tracked by you or your third-party partners (third-party SDKs like analytics tools, advertising networks, marketing automation tools or other external vendors)
  • Your app’s privacy practices should be compliant with all applicable laws and follow the App Store Review Guidelines
  • As your practices change, you are responsible for keeping responses accurate and up to date
  • You will be required to provide a privacy policy URL for your iOS app platform and privacy policy text for your tvOS app platform. A privacy policy is required for all apps and a user privacy choices URL is optional

It is also worth noting that your answers can be updated at any time and do not need to be submitted alongside an app update.

The responses you provide should represent your app’s data practices across all platforms. This means that if the app collects more data on one platform than another, you should include this in your answers.

5. What App Data Does not Need to be Disclosed?

When identifying which data you collect needs to be disclosed, you will need to know whether each data-type is linked to the user’s identity by either you or any of your third-party partners. As it stands, most data collected is linked to the user’s identity. However, there are measures that can be put in place before collection to anonymise it. This includes removing direct identifiers from your data before collection or manipulating the data so that not only is it not linked to the user’s identity before collection, it also cannot be linked back to the user later down the line.

There are some data types that meet all of Apple’s privacy guidelines and are thus optional to disclose. These include:

  • Data that is not used for any of tracking purposes
  • Data that is only linked to the end-user’s device and is not sent off the device in a way that could identify the user or device
  • Data that is not used for advertising or marketing purposes, by either you or a third party partner
  • Data that is shared with a data broker purely for fraud detection, fraud prevention or security purposes and this is done solely on your behalf
  • Data that is collected infrequently and is not part of your app’s primary functionality, this must also be optional for the user
  • Data that the user provides whilst using your app and it is made clear to the user what data is collected; the user must affirmatively choose to provide the data for collection upon submitting it each time

If the data collected by your app only meets some of these criteria, but not all, it must still be disclosed.

6. Examples of Data Collection Apple will Require you to Disclose

In general, if the data collected by your app does not fall under Apple’s privacy guidelines, including the criteria above, and applicable laws, then it will need to be disclosed. 

We have outlined some examples of data collection or tracking that will now need to be disclosed when answering Apple’s privacy questions:

  • Displaying targeted advertisements in your app based on user data collected from apps or websites which are owned by other companies 
  • Sharing device location or email lists with a data broker
  • Sharing any data which identifies the device or user, including emails, device ID or user ID, with a third-party advertising network that uses the data to retarget those users in other apps or to find similar users
  • Using a third-party SDK that combines data collected from your app with user data from other apps for advertising or advertising measurement purposes, even if this is not the reason behind your app using that SDK
  • Any data collected on an ongoing basis after an initial request for permission

As Apple continues to introduce more comprehensive data privacy regulations, we are likely to see Google and other big tech companies follow. Users are going to gain an increasing amount of control over the data they choose to share and how it is used, whilst data transparency will become increasingly prevalent within the mobile and tech industries. As users gain a greater understanding of how an app collects and tracks their data, it will be essential for app businesses to embrace data transparency and collect, track and share data responsibly.

If you have any questions in regards to Apple’s privacy guidelines or providing answers to the privacy questions, please get in touch with our growth team.

Make sure to sign up to our newsletter to get notified when we release a new blog post. Want to find out more about optimising your app and keeping up with the latest OS capabilities? Make sure to subscribe to our Mastering Mobile Marketing video series. You can also get in touch by visiting the Contact Us page. Follow us on LinkedIn, chat with us on Twitter @yodelmobile, and join our #AppMarketingUK LinkedIn group.

About the Author:

Sonia is the Marketing Manager at Yodel Mobile, a leading app marketing company. Assisting the agency growth efforts, Sonia regularly shares insights on the latest app marketing strategies, promoting sustainable and long-term growth.

You Might Also Like