- 2 1. To be legally compliant
- 4 3. Helps in gaining Users’ Trust
- 5 4. It is the Most Important Part of an App
1. To be legally compliant
- European Union: The data protection law has been standardized through (GDPR), replacing the 1995 EU Data Protection Directive in 2018, encompassing all 28 countries under the EU. GDPR imposes stringent rules on the control and processing of personally identifiable information such as a person’ name, email id, physical address, phone number etc. These laws focus more on an individual’s identifiable information. So, the app developers must include details on what and how much of the users’ personally identifiable information they access and store.
If your app will collect, store or share personal data of its consumers, then you must comply with every rule and regulation mandated by various states and countries around the globe. This is because even if your company’s operation is confined to a single state or country, there is a significant probability that users of different jurisdictions will use your app.
Google’s policy strives towards helping the consumers understand what and how much data the developers collect, and why and how they are going to use it.
Here’s what Google had to say in their Developer Policy Center’s User Data guidelines:
You must be transparent in how you handle user data (e.g., information provided by a user, collected about a user, and collected about a user’s use of the app or device), including by disclosing the collection, use, and sharing of the data, and you must limit the use of the data to the description in the disclosure. If your app handles personal or sensitive user data, there are additional requirements described below. This policy establishes Google Play’s minimum privacy requirements; you or your app may need to comply with additional restrictions or procedures if required by applicable law.
3. Helps in gaining Users’ Trust
4. It is the Most Important Part of an App
- Who is the owner of the app?
- What data is being collected and how is it being collected?
- What is the legal basis for the collection of data? (for example, consent, necessary for the app to work, legally required etc.) This is mostly related to GDPR and EU Law; but even if you fall outside their jurisdiction, you still need to state why you are processing the personal data of consumers.
- What are the specific purposes for collecting this data?
- Will any third party collect data through widgets or integrations? Which third parties will gain access to the users’ personal data?
- What are the rights of the users? Can the users request you (owner or developer) to see their data to which you have access to, can they request you to rectify, delete or block their data? (This is mandatory as per most European regulations)
Camera, Contacts, Calendar, Microphone, Location, Phone, SMS, Sensors, Storage.
If your app collects and processes personal data of its users for reasons beyond the functioning of your app, then you must make an additional and conspicuous disclosure about this usage and must collect the user’s consent for the same.
Here’s what Google states about prominent disclosures:
If your app collects and transmits personal or sensitive user data unrelated to the functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.
Your in-app disclosure:
- Must be within the app itself, not only in the Play listing or a website;
- Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
- Must describe the type of data being collected;
- Must explain how the data will be used;
- Cannot be included with other disclosures unrelated to personal or sensitive data collection.
Your app’s request for consent:
- Must present the consent dialogue in a clear and unambiguous way;
- Must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept;
- Must not begin personal or sensitive data collection prior to obtaining affirmative consent;
- Must not consider navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
- Must not utilize auto-dismissing or expiring messages.