iubenda blog


Google Play’s Prominent Disclosure Requirements

🖋 This article has recently been posted/updated: October

If you’re an Android developer who publishes their apps to the Google Play Store, you might have been warned by Google with the following email subject: “Action required – Potential Google Play Policy Violation: 30-day warning” and asked to take steps to fix the violation.

This post may also be read in German “Googles “Erfordernis der deutlichen Offenlegung” für den Play Store“.

More specifically, you would’ve been told, “We’re contacting you because the apps listed at the end of this email handle or request personal or sensitive user data. Apps like this must comply with the Prominent Disclosure requirements of our User Data policy“.

Google goes on to tell you what needs to be done, “Action required: Make sure your apps fulfill the Prominent Disclosure requirements of our User Data policy. If these requirements are not fulfilled within 30 days, your app may be removed from Google Play. Alternatively, you can remove any requests for sensitive permissions or user data within your app. You can also choose to unpublish your app.

The good news up front: you’ve come to the right place. iubenda helps app and website owners with creating beautiful and professional privacy policies. These policies work even more beautifully for apps like built in the Android ecosystem.

This email seems to target slightly different issues than the one we looked at before about a missing privacy policy.

Let’s look at what else is inside the email and how you ultimately fix your problem.

Try the mobile privacy policy generator now

What are the steps to take?

The warning is being sent to you because may have a privacy policy in place, but it isn’t good enough. Here are some steps to take:

Summary of what’s wrong and how you can fix your problem (as presented by Google itself)

If you need to make changes to your apps, please follow these steps:

  • Read through the Prominent Disclosure requirements of our User Data policy.
  • Post a privacy policy within the app itself.
  • Sign in to your Play Console and post a privacy policy in the designated field on the app’s Store listing page.
  • Unless the user data is related to app functionality described prominently in the app’s listing on Google Play or in the app interface, you must display a prominent disclosure mechanism to users within the app, highlighting how their data will be used.
  • This disclosure mechanism must be shown before collecting or transmitting any user data.
  • This disclosure mechanism must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept.
  • If you have other apps in your catalog that handle sensitive user or device information, make sure they comply with these requirements as well.

The most important step to understand is the requirements under the Prominent Disclosure requirements in the User Data policy. 

Prominent Disclosure requirements in the User Data policy

In Google’s User Data policy you can find the requirements set out for special disclosures:

If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.

Your in-app disclosure:

  • Must be within the app itself, not only in the Play listing or a website;
  • Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
  • Must describe the type of data being collected;
  • Must explain how the data will be used;
  • Cannot only be placed in a privacy policy or terms of service; and
  • Cannot be included with other disclosures unrelated to personal or sensitive data collection.

Your app’s request for consent:

  • Must present the consent dialog in a clear and unambiguous way;
  • Must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept;
  • Must not begin personal or sensitive data collection prior to obtaining affirmative consent;
  • Must not consider navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
  • Must not utilize auto-dismissing or expiring messages.

The point to understand is the following: Google apparently considers the collection of data that isn’t clear from your app page or from within your interface to be covered by this prominent disclosure policy.

This is a notice for your user in addition to your privacy policy and should ultimately link there for an explanation of the data processed. The data should not be processed until you have affirmative consent by your user. This is what you need to fix. 

You have two options: 

  1. remove the offending data collection
  2. properly inform via in-app disclosures and consent collection and link it to a proper privacy policy

By the way, adding Android permissions to a privacy policy is super easy with iubenda:

Android privacy policy generation on iubenda

  • Use our generator for mobile apps;
  • Add our service called “Device permissions for Personal Data access”
  • Choose all the other services you need for your app, add them to your privacy policy, then:
    1. Embed the privacy policy into your app or link to it from the app;
    2. Link to it from the Play Store page;
    3. Possibly link to it from your marketing website.

When you’re done with all of the above, resubmit your fixed app!

Generate a privacy policy for your Android app

P.s. if you’re interested you may read our more general post about privacy policy for Android apps. It contains additional information about how to structure and write a privacy policy from scratch.


How to fix Google Play Developer policy violation: Action Required *Policy issue*Privacy Policy for Android AppsPrivacy policy for OneSignal

About Us

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app
www.iubenda.com

Generate a privacy policy now

Ready in a few steps and built to meet the needs of both website and mobile app owners

Generate your privacy policy now
RSS FEED

Sometimes the best choice is to "just give it a try"

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app

Generate your privacy policy now