Introduction of GDPR Leads to Apple App Store Privacy Policy Update

As of October 3, Apple App Store regulations will oblige developers to reveal how users’ personal data is used, secured and shared under a new privacy policy.

In the release published on the App Store Connect page to announce the new rules Apple did not refer to the new European Union General Data Protection Regulation (GDPR) as an guidning influence in the changes. However, the changes are similar to the requirements of GDPR.

Apple revealed in the statement that “starting October 3, 2018, App Store Connect will require a privacy policy for all new apps and app updates in order to be submitted for distribution on the App Store or through TestFlight external testing”.

GDPR is a new European Union data protection legislation, that became enforceable on May 25 2018, which was created to protect private personal data. The legislation relates to any organisation that does business in the E.U.

The changes to the App Store privacy policy state that developers will now have to file a privacy policy for all new applications and app updates before they can be made available. It will not be simply a case of amending the privacy policies once they have been given the ok for distribution as Apple has stated that changes to the policies will only be possible with the release of new versions of the particular app.

Other amendments include:

  • Making the privacy policy must be easily accessible in the app.
  • The privacy policy must state which data the app collects, how it is gathered and used.
  • Any third parties that data is shared must be listed, including analytics tools, advertising affiliates, and third-party SDKs.
  • The third parties included must also use the shared data in line with the new policy.
  • The app must also included data retention and deletion policies, as well as telling users how they can revoke consent or request their data be deleted.

This information was released comes just weeks before the annual Apple iPhone announcements so it is probably that there will be more changes announced to ensure that GDPR is not being violated.


About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas should has data protection and innovations such as telehealth.