Privacy Nutrition Labels help people understand your app's privacy practices. Discover how you can take inventory of your current data habits and learn best practices for creating your app's Privacy Nutrition Label on your App Store product page.
Hi, I'm Ben, from Privacy Engineering, and welcome to Create your Privacy Nutrition Label. At WWDC 2020, we announced privacy nutrition labels to provide people with an easily glanceable and understandable summary about how the apps they use collect and use data. In this talk, we'll discuss strategies for creating an accurate label and highlight some definitions and examples to keep in mind as you build your label.
In each section, the categories of data collected are shown.
Alternatively, if data is not collected, an alternate label is shown.
From an app's product page in the App Store, you can also view a more detailed version of the nutrition label that includes the specific types of data the app collects and how that data is used.
Today we'll be looking at nutrition labels in more detail. We'll walk through the process for how to create your label in App Store Connect, and I'll share some resources along the way.
Additionally, we'll provide some more detailed definitions and examples to help you answer privacy questions for your app.
Let's begin with the label creation process. To create your label, you'll be asked about what data your app collects, use cases for each type of data, and how that data is stored. You might want to start with creating an inventory of your app's features and data collection. An inventory can be a helpful resource for the next step, where you'll enter information about your app's privacy practices into App Store Connect. After you submit your label, and as you update your data practices, you should keep your label updated as appropriate.
Let's dive right in and look at how you can go about crafting an inventory for your app.
When you submit your label to App Store Connect, you'll answer some questions about how your app uses data. You'll be asked about the categories of data collected by your app, the use cases for the data, whether the data is linked to identity, and whether the data is used for tracking.
However, as a developer, you might not be thinking about data categories in your app. You're probably thinking about features, and if you're not sure where to start on building the nutrition label, list out your app's features.
Then consider what data powers each feature, including what data is retained and how that data is used. You can then keep this list as a reference for when you're asked to enter specific details into App Store Connect. We recommend finding a framework to document this information that works for your app, and you may have many strategies to build an inventory or other documentation.
We also recommend consulting internal documentation in this process.
Consider looking at your app's network traffic using App Privacy Report or a network proxy tool. You can use this information to learn what domains your app is contacting and follow up with the owners of those endpoints to understand how data is being used. Keep in mind that while a network audit may be helpful in discovering where your app sends data, it is not comprehensive, and you should use it in combination with other strategies.
You should also audit any data you retain on a server, such as by reviewing database schemas and checking what systems have access to data.
Additionally, make sure to check with any partners that may be processing your app's data, as you are responsible for declaring the collection practices of all data collected from your app, including data collected by third-party SDKs, analytics tools, advertising networks, or other external vendors.
Many SDKs provide documentation of their privacy practices, and some provide specific guidance for nutrition labels which you can use to ensure your label is comprehensive.
When building this inventory, you might also discover that there is data that you're collecting that you don't need. Inventorying your privacy practices can be a way to identify opportunities to make changes to your app's practices by minimizing data collection, processing data on device, and storing data not linked to identity.
For some new technologies you can use, see What's New In Privacy.
Once you've built up an inventory or documented your data practices through your preferred process, you'll work through responding to the questions in App Store Connect.
In App Store Connect, account holders, admins, and app managers can enter your app's privacy label. From your app's page, open the App Privacy section.
First, you'll be asked about whether your app collects data. Data is considered collected when it is transmitted off device in a way that is accessible for longer than to service the request in real time. So if you or any of your partners retain data about interaction with the app on a server, such as server logs, a user profile, or analytics, your app likely collects data.
We designed labels to describe all data apps collect. You should declare all data collected by your app, even if people agree elsewhere to the data collection or use.
We recommend working with legal counsel to evaluate those requirements. If you do collect data, you'll be asked to declare the categories of data collected from your app, such as email address, phone number, or payment info.
You'll then be able to preview your label in progress and provide more detail for each data category.
Let's work on phone number. For each category of data, you'll be asked to declare what use cases the data collection supports, such as analytics or product personalization.
You'll then be asked to disclose whether data is linked to a user's identity.
Data is considered linked to identity if it is associated with an account, device, or user profile. This can be an opportunity for you to evaluate whether you need to store data linked to identity, and whether you can store data in a way that isn't linkable to any account or profile.
Finally, you'll be asked whether each data type is used for tracking purposes.
"Tracking" refers to linking data collected from your app about a particular end user or device, such as a user identifier, device identifier, or profile, with third-party data for targeted advertising or advertising measurement purposes, or sharing data collected from your app about a particular end user or device with a data broker.
As mentioned earlier, nutrition labels are intended to reflect all data your app may collect, even for features where people using your app agree separately to data collection or use. Ensure you disclose any data categories used for tracking on your nutrition label. Additionally, as all tracking must be with permission, adopt App Tracking Transparency if appropriate for your app.
For more information about tracking, see Explore App Tracking Transparency.
Once you've submitted this information for all data your app collects, you'll be able to preview and publish your label. Your label will be published immediately, independent from any updates to your app.
Now that you've created your label, let's consider when you'll need to update it. You can update your label at any time, and aren't required to release a new version of your app. We recommend re-evaluating your app's label when releasing new features and on an ongoing basis.
As you change how your app uses data, ensure your label remains up to date. If you're adding new features to your app, implementing new or updated integrations with third-party partners or SDKs, or using already-collected data in new ways, make sure to evaluate whether any label changes are needed.
Now that we've worked through the process of building your privacy nutrition label, we'll discuss some additional guidance around policy definitions and examples. All of this information is available in the Apple Developer documentation. Today I'll be highlighting a few examples based on our experience at Apple building nutrition labels for our own apps, and from some questions we have heard from developers.
You might wonder how to disclose use of IP address. IP addresses can be used for multiple purposes, including as an identifier or to infer approximate location. Our guidance is to declare the collection categories based on what the IP address is used for. For example, if you use IP address to show local content or for location analytics, declare location.
Another area to note is the categories including product interaction.
Product Interaction covers data collected about the user's interactions inside the app, such as information about which screens people open.
Browsing history refers to collection of activity that is not part of the app, such as an in-app browser. Search History is searches performed within the app for any content, both in the app or in in-app browsers.
Labels are intended to comprehensively describe the app's primary functionality and features encountered by all of your app's users.
However, there are certain types of collection that are optional to disclose. Collection that is infrequent, optional, and independent from the app's primary functionality, clearly discloses all collection at submission time, and has limited use purposes, for example, not used for tracking or advertising, may be optional to disclose.
Feedback forms and report-a-problem flows are some features that may meet these requirements.
Full details and requirements for the optional disclosure policy are available on the "App privacy details on the App Store" page in Apple Developer documentation.
And that's a wrap! Here are four things to keep in mind while building your label. Make sure to reach out to all stakeholders working on your app to inventory your collection and ensure your label is accurate.
Remember to include all collection from your app, including from SDKs and other partners.
If applicable to your app, ensure you request permission for tracking, in addition to disclosing any use on your nutrition label.
Finally, when you update your app or change how you use data, ensure your label is updated.
Thanks for joining me today. Privacy Nutrition Labels are a way to build trust with people who use your app and help people understand how you use data. The Apple Developer Documentation and App Store Connect have even more information to reference throughout the process of building and updating your label.