Requesting portability of data for users in the European Union
In the context of Article 6(9) of the European Union Digital Markets Act (EU Regulation 2022/1925), Apple has designed a process for users to request effective portability of certain data, including to third parties authorized by them. To use APIs that enable portability of relevant user data from Apple on behalf of users, as a third party within the meaning of Article 6(9) of the European Union Digital Markets Act, you’ll need to request access to the Account Data Transfer API.
Getting started
Get started with requesting access to the Account Data Transfer API by submitting the request form. You’ll need to be an Account Holder in the Apple Developer Program, and answer some questions about your business and your intended use of user data. This will include providing information on any risks to users identified by an investigation from a regulator or a court decision, as well as basic information like where Apple can reach you. If necessary, Apple may follow up for further information.
After your form is submitted
Once received, Apple will review the form you submitted and will aim to get back to you shortly.
The purpose of Apple’s review is to assess the potential impact on Apple’s obligations under applicable laws, including the European Union General Data Protection Regulation (EU Regulation 2016/679). The data that Apple may provide as part of the Account Data Transfer API is subject to obligations and restrictions under applicable laws. Apple is required to take reasonable measures to ensure that user data is not put in harm’s way.
Where your response is “Yes” to either of the first two questions of the request form – related to the sale or licensing of user data or relevant investigations – your request will be subject to additional review. The purpose of this additional review is to enable Apple to provide portability of relevant user data in compliance with its own obligations under applicable laws. If an additional review is required, Apple may reach out to you with additional queries. Apple’s additional review relates solely to the provision of data further to the portability request of the user. As an authorized recipient third party, you will be and remain entirely legally responsible for the processing of any user data you receive in cases which are found to be contrary to applicable laws.
- Sale or licensing of user data. If the intent of your request is to sell or license the user data requested through the API, Apple may need further information to comply with its own obligations towards its users. In this context, you may be asked to provide additional information to help Apple better understand how providing the data could affect users’ data protection and security rights. This includes whether you intend to anonymize data and whether and how you intend to transfer any personal data to third countries for which no EU Commission adequacy decision exists. This is to assess the legal means by which personal data collected in an EU country will be transferred outside the EU.
- Relevant investigations. Apple is obliged to take reasonable measures to ensure that it is legally authorized to provide the relevant user data, and that it does not facilitate any processing that would put user data at risk. This includes instances where Apple’s obligations under applicable laws may be impacted. Where you have been subject to an investigation or final court decision relevant to the specific processing of the user data which you are requesting to receive, Apple needs to understand whether there may be a material risk to the privacy of Apple’s users. If this is the case, Apple may be prevented from providing the relevant user data. You may still receive access to the API, for example if you have since remediated the issues.
Assignment process
After review, your app will be given access to the Account Data Transfer API that enables it to request portability of user data from Apple — unless our review indicates that there is a material risk to data protection rights or Apple’s own compliance with applicable laws which would prevent Apple from granting your request. To learn how to request user data using the API, view the Account Data Transfer API documentation.
If your request is rejected, you will be informed about the outcome of the review, including the reasons why your request was rejected. If you disagree with the finding of Apple’s review, you can contact us at dma-data@apple.com. Apple will then further review your feedback and get back to you.
Q&A
What categories of data are available through the API?
The data available relates to a user’s use of Apple’s App Store and includes information such as previous transactions and downloads. If you have any questions about the data made available in this API — including about how Apple applies privacy measures to protect user privacy and how we comply with our legal obligations — please contact us through Feedback Assistant by selecting the following option: Developer Tools & Resources > Account Data Transfer API > Data Request. To learn how to use Feedback Assistant, view the user guide.
Do I need to have a legal point of contact in the EU?
No, you do not. But we need a legal point of contact we can use in case of questions or complaints, including from users or other concerned individuals. This can also be a contact outside the EU. We will verify the details provided.
Can I get the access to the API even if I do not offer an alternative app marketplace?
Eligibility is not limited to providers of alternative app marketplaces. If you intend to use the Account Data Transfer API for the purpose of porting data to an alternative app marketplace, Apple will likely be able to expedite the review process.
Apple will also ask you whether you intend to use data for other purposes, so that Apple can comply with record keeping obligations and is able to respond to questions or complaints from users or other concerned individuals. Apple will keep your response on file and will follow up, for example where there are complaints from users, media reports, or if Apple becomes aware that providing portability of the relevant user data could conflict with applicable laws.