iOS Nutrition Labels: Your App Data Collection Policy

Earlier in November, Apple announced it was opening a section in its App Store Connect console for developers to start providing information about their app’s data collection policies, which will be shown in “nutrition labels” that will appear in app store product pages starting December 8, 2020. Today, we tell you more about these labels and what you need to do to be ready in time for their release.

The first step in new privacy efforts

Teased back in June 2020 during Apple’s WWDC event, this change is only the first step of several to hit the App Store in coming months after Apple announced customer privacy would be one of iOS 14’s main focus. Providing customers with more information about what personal data is collected, stored, and shared is an effort towards better transparency that has been dictated in part by Western regulators. However, Apple announced last June it would go much further than this step.

Specifically, Apple disclosed it would start limiting access to devices’ individual identifiers in iOS 14, thus preventing advertisers from collecting customers’ IDFAs until they had expressed explicit consent. Initially planned for the global release of iOS 14 (which occurred on September 14), this change was postponed to Q1 of 2021 after major pushback from app developers and advertisers who requested more time to adapt, nevertheless, it remains a major challenge app developers should prepare for.

Learn more about privacy and other changes coming to iOS 14 from our webinar with Phiture

Preparing your answers to Apple’s privacy questions

Concretely, developers will be required to provide the information shown in the nutrition labels by answering questions presented in the App Store Connect console before December 8th. In order to prepare these answers, Apple warns you should first gather information on data collection across all parts of your app. This means that if your app is available on iPhone, Apple Watch, Mac, and any other device supported by the App Store, you should provide the most extensive picture as to what data you collect. But more importantly, it means you should detail data collection from both internal services AND data collected and shared with third parties.

The spectrum for the types of data you collect that should be declared is very wide, which is why Apple started by listing criteria for disclosure exemption on its support page. Only data that is provided by the user in your app’s interface in an obvious effort to be collected, data that is only collected infrequently and not for the primary purpose of the app, and most importantly data that is not collected for tracking purposes such as advertising, advertising measurement or marketing is optional to disclose.

Any data that does not meet all these criteria is required to be disclosed, with information regarding its type (from obviously personal data such as contact information, location, user or device identifiers, and so on, to more generic data such as app usage and diagnostics which might be anonymized before collection), use (from advertising, marketing and analytics purposes to powering app functionalities and/or product personalization), and how it might be linked to a user (disclosing whether the data can be linked back to a single person or might benefit from specific privacy protections preventing such linking).

Apple lists no less than 32 different types of data that might be collected by app developers and should be disclosed to be mentioned in the upcoming privacy section of the store product page.

Last but not least, you will need to declare what data is subject to tracking, and linked with third-party data, whether for targeted advertising, advertising measurement purposes, or shared with a data broker. Only two exceptions apply to this rule: when the data is linked solely to a user’s device, and when the data is shared with a data broker for the sole purpose of fraud detection, prevention, or security purposes.

Finalizing changes & expected impact

Once you have prepared all answers, reporting them to Apple can be done per app in App Store Connect by Account Holders and Admins only. We advise you to make sure you have identified who in your company has this kind of access, since any app submission (new or update) will be blocked starting December 8th until the new privacy section has been filled. Once updated in App Store Connect, the data is expected to appear in a new section of your app store product page with the format that was unveiled during WWDC.

Privacy cards on the App Store product page were announced during Apple’s 2020 WWDC.

Conclusion

What then? Will the new privacy cards hurt store conversion rates? At this time, we do not anticipate they will have a substantial impact on app store conversion rates, considering:

• The majority of users coming from App Store Search and Browse download apps without even reaching the app product page.
• The new privacy section is likely to appear rather low on the app product page and should not be visible above the fold, meaning that only users scrolling down for detailed information on a given app would be likely to review it.

Nevertheless, these assumptions will have to be confirmed after December 8th, and it will be interesting to measure whether conversion might be affected differently from country to country depending on whether customers are more or less sensitive about privacy issues.