Apple requires privacy policy metadata for all App Store submissions from October 3

By Malcolm Owen

Developers must include a link to their privacy policy in the metadata for their app, according to a new rule issued by Apple last night, one that extends the existing requirement for apps with subscriptions to all new apps and updates to existing apps pushed to the App Store.

The change to the App Store Review Guidelines on Thursday night, under section 5.1.1 Data Collection and Storage, specifies that developers include the privacy policy link in the App Store Connect metadata field, as well as within the app in an "easily accessible manner."

Previously, the rule requiring the privacy policy link only applied to apps that require a subscription, meaning it didn't apply to producers of completely free apps or paid apps without subscriptions. The change, which will take effect from October 3, applies to all new apps and app updates, including those which do not require a connection to the Internet to function.

This change is a requirement for all apps "submitted for distribution on the App Store or through TestFlight external testing," the notice advises.

The privacy policy must clearly and explicitly identify any data the app or service collects, how it collects the data, and all of the uses of that data. It must also confirm that any third party that the data is shared with will provide the "same or equal protection of user data" as stated in the app's privacy policy.

The details of how data is retained and any deletion policies also have to be advised in the privacy policy, including how a user can revoke consent and request deletion of their data.

Developers can add or edit their privacy policy for the App Store by accessing My Apps within App Store Connect, selecting their app, clicking App Information under App Store, and adding the information to the page. For TestFlight, developers have to access My Apps again, then select TestFlight, then Test Information, before entering the privacy policy data.

The move to improve how users can see the privacy policy of apps follows criticism of how major tech companies use user data. One major example of this kind of misuse is the Cambridge Analytica scandal, which saw Facebook user data being collected and used for political means against the social network's guidelines.

User privacy continues to be a major topic for Apple, with the company insisting it is transparent in any data collection it performs, as well as minimizing what data is acquired and working to disassociate it from the user. In statements about its privacy policies, Apple repeatedly affirms "The customer is not our product," and that its business plan does not depend on collecting such personally identifiable information, typically used for advertising purposes.