« go to the main website

iubenda blog

iubenda's blog, privacy policy generator for websites and apps

Posted on by Simon Schmid


Yesterday was the big day for iDevice owners. iOS 8 was rolled out to devices across the globe.

A couple of weeks back I had already written about the implications iOS brings in the privacy realm. Apple has done some homework on privacy at large. Also, if you are a developer, do check out this presentation about "User Privacy on iOS and OS X" by members of the product security and privacy team. So what exactly are those changes I am talking about in terms of privacy policies?

In a nutshell iOS 8 was confirmed to incorporate requirements for privacy policies across the spectrum. This is what the aforementioned documentation says:

Important for all apps to have one, required for some app categories
• Apps that link against HealthKit
• Apps that link against HomeKit
• Third party keyboards
• Kids

Before iOS 8 only the kids category had an outspoken requirement for the privacy policy. This documentation has confirmed 4 categories before September, 9's keynote.

Updated App Store Review Guidelines

So today, on iOS 8 day two, I am double checking the updates in the App Store Review Guidelines for you. And in it you can find the following rules for your privacy (policy):

3.12 (Metadata (name, descriptions, ratings, rankings, etc.))

Apps should have all included URLs fully functional when you submit it for review, such as support and privacy policy URLs

17 (Privacy)

  • Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used

  • 17.2

    Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected

  • 17.3

    Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children's privacy statutes, but must include some useful functionality or entertainment value regardless of the user's age

  • 17.4

    Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children's privacy statutes, and must include a privacy policy

  • 17.5

    Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected

24.1 (Kids Category)

Apps in the Kids Category must include a privacy policy and must comply with applicable children's privacy statutes

25.7 (Keyboard Extensions)

Apps offering Keyboard extensions must have a primary category of Utilities and a privacy policy or they will be rejected

26.2 (HomeKit)

Apps using the HomeKit framework must indicate this usage in their marketing text and they must provide a privacy policy or they will be rejected

27.7 (HealthKit)

Apps using the HealthKit framework must provide a privacy policy or they will be rejected

29.4 (Apple Pay)

Apps using Apple Pay must provide a privacy policy or they will be rejected

Apple now requires 5 categories of apps to have a privacy policy

So, as not that much of a surprise, Apple has now added Apple Pay apps to the list of apps that are required by Apple to incorporate a privacy policy. Upping the number of categories to 5.

Of course, if you've come here and haven't seen iubenda before, generating privacy policies for apps is what we do. In 6 languages, auto-updating, and we spit out a link to your privacy policy for you in the app store right after the generation. 

Since you're here...

You should probably read:

Generate your mobile privacy policy in a couple of minutes

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid


I have recently written about a topic close to my heart: Twitter's Lead Generation cards and their requirement to add a privacy policy to the attached information. A similar requirement is true for the Twitter website tag and remarketing.

The "Twitter website tag" has its own policy and Twitter itself requires you to have a privacy policy for this product (or sufficient legal notice):

Advertisers using the website tag must provide sufficient legal notice of the following to site visitors:

  • How you are working with third parties to collect visitor/user data for conversion tracking purposes.

  • If remarketing is enabled, how you are working with Twitter to collect visitor/user data for remarketing purposes, and that visitors/users may find instructions on how to opt out of Twitter's collection of remarketing data here.

Apart from the information regarding your use of third party components for converison tracking purposes, Twitter requires the basic explanations of how remarketing works with you and Twitter as well the presence of the opt-out link in your documents.

That's exactly what we've done today. We've added a clause called "Twitter Remarketing" to our privacy policy generator ready for you to use and love. 

Since a couple of lines of Twitter advertising disclosure don't make a complete privacy policy, you may be profiting from our generator that generates a privacy policy in currently 6 languages based on the strictest privacy laws out there (Europe's with additions for the US and other countries).

Generate a privacy policy for Twitter Remarketing

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid

The French CNIL (La Commission nationale de l’informatique et des libertés) has long been Europe's frontrunner when it comes to cookie compliance. In December 2013 the CNIL has published a guide to what it considers cookie compliance to look like

Now the beginning of October 2014 marks the start of automated compliance checks. The CNIL will start with looking at sites for compliance with their December 2013 recommendations. In particular this is what French site owners need to take a closer look at:

  • cookies are not placed or run before the user could express agreement;
  • the arrangements for obtaining consent by the user;
  • visibility, quality and simplicity of information about cookies;
  • the ability for the user to withdraw consent at any time;
  • the lifetime of cookies and validity of consent (which shall not exceed 13 months).

The loi Informatique et Libertés

The use of cookies normally requires the user's consent. In France this is a rule under the Data Protection Act (loi Informatique et Libertés, article 32-II de la loi du 6 janvier 1978 modifiée par l’ordonnance du 24 août 2011). Those requirements have their roots in European directives, called 2002/58/CE and 2009/136/CE.

The requirement can be reduced to this main statement:

It's necessary to inform users of the presence, purpose, the shelf life of the cookies placed in their browsers, and the means at their disposal to oppose it.

It's a general requirement for anyone that publishes on the web, via a site or application. 

What are the CNIL's recommendations?

The CNIL therefore adopted a recommendation which proposes to set up a 2-step procedure mandatory since February 2014.

First Step for cookie compliance in France

The visited site must have a banner informing the user that further navigation of the site constitutes an agreement for the installation and reading of cookies. This banner must specify the purpose of the cookies used and about the possibility to object (via a link to a dedicated page of the site). This banner does not disappear until the user has not continued elsewhere (another page or item on the site).

Second Step for cookie compliance in France

The user needs to be informed of the possibilities to accept or refuse all or some of the cookies in a simple and readable way.

To make these recommendations more accessible the CNIL has set up a page with code examples and frequently asked questions that are helpful in understanding the scope of the requirements:

The consent for the cookie's setting cannot exceed 13 months.

Which are the cookies that are exempt from the consent rule?

As is the case in other European countries, France has exempted certain cookies from the cookie consent rule. Those are the cookies strictly necessary to offer the service sought after by the user. Examples for such cookies are:

  • the shopping cart cookie;
  • session cookies or persistant cookies for a couple of hours of duration in certain circumstances;
  • authentication cookies;
  • session cookies created by a multimedia reader;
  • load balancer cookies;
  • certain first party analytics (PIWIK);
  • persistant cookies for inteface personalization.

This is it. It's going to be interesting how the whole cookie disclosure pans out in Europe. Btw. the CNIL has also announced that it is about to take part in another "Cookie Sweep Day" during the week of the 15th September. So stay tuned about another round of results regarding the use of cookies on the European web.

Use iubenda's cookie disclosure tool

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid


Surely by now this comes as no surprise to most (and even less to people who follow this blog closely):

a survey of over 1,200 mobile apps made by 26 privacy regulators from across the world has shown that a high number of apps are accessing large amounts of personal information without adequately explaining how people’s information is being used.

The above paragraph is posted verbatim from the news release published by the ico., the UK's data protection authority. The survey has been a conducted as a result of the work done by the GPEN, a body that incorporates several privacy authorities from across the world. I had priorly reported about the "mobile apps sweep day" by the GPEN, now the results are out.

The main takeaways are:

  • 85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information.
  • More than half (59%) of the apps left users struggling to find basic privacy information.
  • Almost 1 in 3 apps appeared to request an excessive number of permissions to access additional personal information.
  • 43% of the apps failed to tailor privacy communications to the small screen, either by providing information in a too small print, or by hiding the information in lengthy privacy policies that required scrolling or clicking through multiple pages. .

The release also shows what the regulators consider good practice:

The research did find examples of good practice, with some apps providing a basic explanation of how personal information is being used, including links to more detailed information if the individual wants to know more. The regulators were also impressed by the use of just-in-time notifications on certain apps that informed users of the potential collection, or use, of personal data as it was about to happen. These approaches make it easier for people to understand how their information is being used and when.

It's not hard to do better than 85% of these app owners. One tip is to get your privacy policy out there in front of people's eyes.

  1. Into the app's settings
  2. Onto the app store
  3. Onto the app's promotional site

Also you can easily generate a privacy policy with the help of iubenda's mobile app privacy policy generator.

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid


Apple has just released a new page to remind developers of the most commonly cited reasons for app rejections.

Among these reasons Apple has also found a spot for reminding developers of the binding inclusion of a privacy policy for apps for kids: "and if you're offering auto-renewable or free subscriptions or your app is in the Kids Category, you must also provide a link to your privacy policy."

Yet, this page should change fairly soon with the release of iOS 8, when Apple will broaden the set of apps that go from "recommended privacy policy" to "required privacy policy". 

As iubenda has reported before the privacy policy requirements for iOS 8 will likely look like this:

  • Apps that link against HealthKit
  • Apps that link against HomeKit
  • Third party keyboards
  • Kids

So far, unsurprisingly, the Firefox OS store seems to be the most strict about including privacy policies into your apps.

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid

Google is pushing Google Analytics users to update to their Universal Analytics implementation so it's time to take a quick look into the changes that are coming with it in regards to privacy regulation compliance. Universal Analytics will eventually replace the prior technology.

How to set up Universal Analytics

Here's a basic guide on how to set up Universal Analytics by Google. What we are interested in is the User ID part. User ID is core to the new possibilities in Universal Analytics. Universal Analytics allows the connecting of various sessions to one user and therefore allows you to track the activity on your property more accurately. 

Google explains it like this: 

The User ID is a Universal Analytics feature that you can use to associate multiple sessions (and any activity within those sessions) with a unique ID. When you send an unique ID and any related engagement data to Google Analytics, all activity is attributed to one user in your reports. With the User ID, you can get a more accurate user count, analyze the signed-in user experience, and get access to the new Cross Device reports. Learn more about the User ID.

In the first step of the setup flow you will find a toggle and you'll switch it to ON to indicate that you’ve read and agreed to the User ID PolicyThis enables the User ID feature in your account.

Security and privacy in Universal Analytics (source)

Google stresses the fact that it hasn't changed its privacy stance. The existing safeguards like IP masking, the Google Analytics browser opt-out add-on, data confidentiality, and security still work on the new analytics.js. Additionally, the information stored in the local first-party cookie is reduced for the new analytics.js, the snippet can be implemented without a need for a cookie at all.

About User ID and privacy

The User ID feature processes pseudonymous data which presumably in many cases will only be legitimate in the case that the particular user had not objected to that kind of processing priorly. The user needs to be advised on their right to opt-out from this sort of data processing.

Google themselves impose the following requirements onto the user:

You will give your end users proper notice about the implementations and features of Google Analytics you use (e.g. notice about what data you will collect via Google Analytics, and whether this data can be connected to other data you have about the end user). You will either get consent from your end users, or provide them with the opportunity to opt-out from the implementations and features you use.

You will not upload any data that allows Google to personally identify an individual (such as certain names, social security numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), even in hashed form.
Since Google's own opt-out link only opts you out from the specific device you are on, you will have to implement another manual way for people to opt-out. The easiest way to do this is to implement a process in which people can opt-out via email.

What are the steps included?

Quick Start Guide

  • Have a privacy policy in place and tell users about your use of Google Analytics and User ID;
  • Tell them that they can oppose to the collection in that way;
  • Do not send Google any data that allows them to personally identify your users;
  • Check out the other guides below for Google Analytics and Google Analytics in Germany

iubenda and Universal Analytics/User ID

We have introduced a slightly changed clause for the use with User ID soon allowing you to use this feature along with Google Analytics. The clause is called "User ID extension" and can be added to your iubenda privacy policy from the iubenda dashboard.


Posted on by Simon Schmid | Posted in Category

Leave a comment