Apple App Store Privacy Policy Changes After Enforcing the GDPR

From October 3, 2018, the Apple App Store is going to enforce a new privacy policy requirement: app developers must tell users what they do with the personal data they collect and how they protect and share it. The privacy policy is required before an app is distributed through TestFlight external testing or the App Store.

Although Apple stated on the App Store Connect site that the new European Union General Data Protection Regulation (GDPR) was not an influencing factor in this policy modification, the changes seem to follow the requirements of the GDPR. The GDPR is a law drafted to safeguard personal information and was introduced on May 25, 2018. It covers all institutions conducting business in Europe.

Based on the new App Store rule, developers must have a privacy policy available with all new apps and updates before distribution. It’s not simply a case of modifying the privacy policies of apps already approved for distribution, since Apple explained that policy adjustments will only be allowed when a new edition of the application in question is launched.

This list gives the other likely changes in the rules:

  • The privacy policy needs to be available inside the app.
  • The privacy policy must tell the user which data is gathered and utilized by the app.
  • There should be a listing of third parties to whom the obtained information is provided. The list can include advertising sites, analytics applications, and third-party SDKs.
  • The third parties also have to abide by the new policy.
  • The app needs to provide users with its policies on data retention and deletion, as well as the information they need should they wish to revoke their authorization or ask for the deletion of their information.

The statement on these changes was issued just a few weeks before the annual Apple iPhone announcements. Further changes to prevent GDPR breaches will probably follow.

About Christine Garcia
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience writing about healthcare sector issues, with a focus on compliance and cybersecurity. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA