
apps for Apple will need GDPR compliant privacy policies - update yours now!

5 October 2018

From this week, if you want to continue to offer your app via the Apple store, you’re going to need to have a GDPR compliant privacy policy in place.

After updating its App Store Review Guidelines back in June to require that all apps, including those being submitted for testing, must have a privacy policy in place, Apple has recently announced to its app developers that as of 3 October 2018 it will be enforcing these new guidelines. This means that going forward, you will no longer be able to submit an app for distribution through the App Store or through TestFlight for testing without providing a privacy policy.

The guidelines require that the privacy policy must include certain information, which is similar to the Article 13 and 14 ‘right to information’ requirements of the General Data Protection Regulation (GDPR).

If your app already has a GDPR compliant privacy policy then you do not need to take any action. However, if you are not confident that your current privacy policy is GDPR compliant, we recommend that you seek advice on this as soon as possible, as there is now a risk your app may be removed from the App Store.

If you are developing a new app or considering updating your existing app, you will need to ensure you have a GDPR compliant privacy policy to accompany it as soon as possible and in any event before you submit it to testing or the App Store.

Under Apple’s new rules you will only be able to edit your policy when you submit a new version of your app, so it is imperative you get your policy right and GDPR compliant the first time. If not, you will be in breach of the GDPR and will also expose yourself to the risk of a complaint to the Information Commissioner’s Office.

In our view, it’s not surprising that Apple are taking this more proactive approach and will be reviewing privacy policies themselves before allowing new/updated apps onto the App Store, meaning if your policy is not compliant when submitted it may hold up or block your app making it on to the App Store altogether.

So what does a GDPR compliant privacy policy look like?

Under the GDPR, the requirements for what must be contained in a privacy policy are much more onerous than under the previous legislation. It’s not going to be sufficient to use a generic one - you’re going to need to make sure it sets out the following as they relate to your own app:

  • purposes for processing
  • legal basis for processing
  • recipients or categories of recipients of the data
  • retention periods
  • details of any transfers of data outside the EEA
  • details of individuals’ rights.

If you’d like a GDPR compliant privacy policy for your app, or would like a review of your privacy policy for GDPR compliance, please contact us at GDPR@brownejacobson.com.

Written by Ella Greenwood and Tom Nanson
