In short
For mobile apps, you should consider adding your privacy policy in 3 places:
- into the actual app (menu?);
- into the app store as a link;
- on the promotional website, if you have one.
The fact that privacy policies should not be a simple afterthought for developers and app owners has probably sunk in with most people by now. There are various reasons why you should add a privacy policy to your app, many of which can be traced back to California’s Attorney General and her efforts to do something about the situation for privacy in apps.
Where we still see a lot of potential for improvement at the moment is the way the privacy policy is displayed for an app. We always rejoice when we see a product using our policies efficiently and well. Therefore, we’re now publishing a quick guide to showcase how you could effectively embed a privacy policy in your app.
To illustrate this guide we’re going to use Wordbase, an app that started using iubenda and made a good impression with their implementation practices.
- A bit of theory
- Privacy policy in the app
- Privacy policy on the app store page
- Privacy policy on your website
Minimal theory about privacy policies in apps
Data protection authorities have been working on improving the privacy situation in apps for a good while now, and there’s a fair amount of guidance and documentation to be found on the subject. This should not be a surprising development: mobile phones are becoming devices with access to our most intimate details, and this trend will continue.
The basic premise is that when the use of your app involves processing the personal data of individuals, privacy laws kick in. One of the consequences is that you are required to disclose your data processing to your users, and that information should be made readily available before a mobile app is downloaded.
How should you link to your privacy policy in your app?
So let us move to this article’s main question: how should you link your privacy policy for your app?
To illustrate that, we’ll use a quote from Europe’s Article 29 Working Party, which is a sort of think tank regarding European data protection practices (emphasis added; you can view the paper in full here, mainly under 3.7.2, the form of the information):
The essential scope of information about data processing 1) must be available to the users before app installation, via the app store. Secondly, the relevant information about the data processing 2) must also be accessible from within the app, after installation.
As a joint controller with the app developers with regard to information, app stores must ensure that every app provides the essential information on personal data processing. They should check the hyperlinks to included pages with privacy information and remove apps with broken links or otherwise inaccessible information about the data processing.
Make sure your users can view the policy before the installation. They should also be able to view the “relevant information about the data processing” from within the app.
The Working Party recommends that information about personal data processing is also available, and easy to locate, such as within the app store 3) and preferably on the regular websites of the app developer responsible for the app. It is unacceptable that the users be placed in a position where they would have to search the web for information on the app data processing policies instead of being informed directly by the app developer or other data controller.
Make your policies available where people are viewing your app.
At the very least, every app should have a readable, understandable and easily accessible privacy policy, where all the above-mentioned information is included. Many apps do not meet this minimum transparency requirement. According to the June 2012 FPF study, 56% of the paid apps do not have a privacy policy and almost 30% of the free apps.
Apps which do not, or are not intended for the processing of personal data, should clearly state this within the privacy policy.
Therefore add your privacy policy to:
- the app store page;
- within the app, preferably in the main settings view; and
- on your promotional site that is connected with the app.
Privacy policy in the app
On websites, a privacy policy belongs in the footer or any other main navigation that is easily available from virtually any page. For apps, this is a bit more complicated because of space constraints, but there will usually be a good spot in the settings or the navigation list.
Example Wordbase app:
Privacy policy on the app store page
This one is important. Make the privacy policy available on the app store before the download. The stores have dedicated link fields for this. iubenda makes this very easy: just grab the link for your generated privacy policy and paste it there.
To help you find your way around, we’ve made two guides for the most popular app stores out there:
Privacy policy on your website
Last but not least, make use of your online pages and link to your privacy policy from your app’s page as well.
Example website wordbaseapp.com:
All of this is really just a consequence of informing your users before they use your app, and it shouldn’t be too hard to do. Yet many developers and app owners don’t do this consistently. Don’t be one of them; do it right.
Bonus tip: Privacy policy offline mode
Some privacy authority bodies request that a privacy policy be available within the app in offline mode. In that case, you would need to embed the privacy policy text in a view to be available without an internet connection.
With iubenda, you’d just embed the policy in a view in your app and cache the content so that it stays available in offline mode as well.
All the information on how to make your privacy policy available for offline viewing can be found here.