Update
These articles might be relevant for you and help you out a great bit
- Update 12.9.2013: How to create a privacy policy for an iOS app
- Update 24.9.2013: Here is a comprehensive guide on COPPA and websites/apps
- Update 08.7.2014: Changes coming to App Review Guidelines with iOS 8
- Update 21.6.2016: App Store Review Guidelines completely redone prior to iOS 10.
- Update 5.9.2016: Now iMessage extensions and stickers have found their way into the guidelines
As Macrumors reports, there’s an impending change in Apple’s App Review Guidelines that’s related to the privacy policy topic and is relevant to all app developers out there:
Apple has updated its App Store Review Guidelines most notably revising the section regarding the protection of children’s privacy to get in line with the recent changes to California’s Children’s Online Privacy Protection Act (COPPA).
The primary goal of COPPA is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13 (an excerpt from the FTC).
COPPA’s new rules prevent developers from collecting information from children under the age of 13 without verifiable parental consent. While developers were previously limited from collecting information like name, address, and telephone number, COPPA now restricts access to photographs, video, and audio as well (get the full definition of What is Personal Information?).
17.3 Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, persistent identifiers, the ability to chat, or other personal data) from a minor must comply with applicable children’s privacy statutes.
24.1. Apps primarily intended for use by kids under 13 must include a privacy policy.
24.2. Apps primarily intended for use by kids under 13 may not include behavioral advertising (e.g. the advertiser may not serve ads based on the user’s activity within the App), and any contextual ads presented in the App must be appropriate for kids.
24.3. Apps primarily intended for use by kids under 13 must get parental permission or use a parental gate before allowing the user to link out of the app or engage in commerce.
24.4. Apps in the Kids Category must be made specifically for kids ages 5 and under, ages 6-8, or ages 9-11.
The new section detailing apps for children under aged 13 specifies that such apps must include a privacy policy, may not include behavioral advertising, and must ask for parental permission before allowing children to “link out of the app or engage in commerce.” Apps in the Kids Category of the App Store must be made specifically for children “ages 5 and under, ages 6–8, or ages 9–11.