Privacy & Information Security Law Blog

Beginning in 2022, Apple and Google will impose new privacy requirements on mobile apps available for download in the Apple App Store and Google Play Store, respectively. As described further below, Apple’s new account deletion requirement will apply to all mobile app submissions to the Apple App Store beginning January 31, 2022. Similarly, Google’s new Data Safety section will launch in February 2022, and app developers will be required to submit to the Google Play Store Data Safety forms and Privacy Policies by April 2022.

In June of this year, Apple updated Section 5.1.1 of its App Store Review Guidelines, to require mobile apps that allow users to create accounts to also enable users to initiate deletion of their accounts from within the app itself. On October, 6, 2021, Apple announced that this new requirement will go into effect on January 31, 2022. Apple’s announcement encouraged mobile app developers to review any laws that may require them to maintain certain types of data, and to make sure that their apps clearly explain what data the app collects, how the app collects data, all uses of the data, and the app’s data retention and deletion policies.

In May of this year, Google announced a forthcoming policy, requiring mobile app developers to inform Google of their apps’ privacy and security practices by a completing a Data Safety form in the Google Play Console. The information provided will be displayed in a new Data Safety section on the developer’s Google Play Store listing, so that Google Play users may learn how the app collects and shares user data before downloading the app. Google recently clarified that the Data Safety section will become visible to users in February 2022. Developers may submit Data Safety forms now and receive early review feedback. If the form is approved by February 2022, the app developer’s Data safety Section will automatically be updated with the information provided; otherwise, the section will read “No information available.” All developers must provide a Privacy Policy and have their Data Safety section approved no later than April 2022.