On October the 3rd, the Apple Store will update its confidentiality policy. Developers will have to present how they collect and use user data. Is this a way to comply with the GDPR?
When Apple broke the news, they never mentioned the GDPR (General Data Protection Regulation). This drastic regulation controls how data is collected by websites and apps.
A confidentiality policy enforcing the GDPR rules
Yet, many elements of this new Apple Store confidentiality policy, that will enter into force on October 3rd, have a definite GDPR feel to them. From that date onward, all developers will have to explicitly disclose how personal data are used. And how they are protected and shared by the apps submitted on the Apple platform.
The app’s confidentiality policy will need to be « easily accessible ». It will identify the type of data gathered, the collection method and their use. All third parties shall be included (analysis tools, ads networks, third-party SDK). The third parties must also comply with the policy.
Users must be able to cancel their consent or remove their data hassle-free. Besides, the app’s confidentiality policy can only be revised if a new version is released. This is to prevent policy « updates » on the go.
Is Apple really a data protection champion?
The resemblance with the GDPR rules is troubling. These regulations are held as examples in private life and personal data protection, worldwide. So it’s not very surprising that Apple took its inspiration from it.
It ensures that all iOS apps respect the GDPR and gives a good image of Apple regarding privacy protection. That, in these troubled times for GAFA, is always good to rely on …