To illustrate this guide I am going to use Wordbase, an app that recently started using iubenda and made a good impression with their implementation practices.
Minimal theory about privacy policies in apps
Data protection authorities have been working on improving the privacy situation in apps for a good while now, and there's a fair amount of guidance and documentation on the subject. This should not be a surprising development: mobile phones are becoming devices with access to our most intimate details. This trend will continue.
The basic premise is that when the use of your app involves processing the personal data of individuals, privacy laws will kick in. One of the consequences is that you are required to disclose your data processing to your users, and that information should be made readily available before a mobile app is downloaded.
To illustrate that, I will use a quote from Europe's Article 29 Working Party, which is a sort of think tank regarding European data protection practices (emphasis added; you can view the paper in full here, mainly under section 3.7.2, "The form of the information"):
The essential scope of information about data processing 1) must be available to the users before app installation, via the app store. Secondly, the relevant information about the data processing 2) must also be accessible from within the app, after installation.
As a joint controller with the app developers with regard to information, app stores must ensure that every app provides the essential information on personal data processing. They should check the hyperlinks to included pages with privacy information and remove apps with broken links or otherwise inaccessible information about the data processing.
Make sure your users can view the policy before the installation. They should also be able to view the "relevant information about the data processing" from within the app.
The Working Party recommends that information about personal data processing is also available, and easy to locate, such as within the app store 3) and preferably on the regular websites of the app developer responsible for the app. It is unacceptable that the users be placed in a position where they would have to search the web for information on the app data processing policies instead of being informed directly by the app developer or other data controller.
Make your policies available where people are viewing your app:
- the app store page
- within the app, preferably in the main settings view
- and on your promotional site that is connected with the app
Example Wordbase app:
Example Wordbase app on the App Store:
Since there are various app store systems out there, we've made a few guides to help you find your way around:
Example website Wordbaseapp.com:
All of this is really just a consequence of informing your users before they use your app, and it shouldn't be too hard to do. Yet so many developers and app owners don't do this consistently. Don't be one of them; do it right.