During its Worldwide Developers Conference in June, Apple announced an upcoming requirement for developers to clearly communicate their apps’ privacy practices to users. This will be achieved through concise summaries displayed on each app’s product page within the App Store. As of today, these new app privacy labels are now live across all Apple App Stores, encompassing iOS, iPadOS, macOS, watchOS, and tvOS.

Apple began requesting developers to submit details regarding their privacy practices when submitting new applications and updates. However, the public display of this information on the App Stores commenced today.

These new labels are designed to provide Apple customers with a more straightforward understanding of the information apps collect, categorized into three distinct areas: data used for tracking, data associated with the user, and data not linked to the user. Apple clarifies that “tracking” involves connecting user or device data gathered from an app with data collected from other apps, websites, or even offline sources – such as data compiled from purchase receipts – for the purpose of targeted advertising or ad performance measurement. This can also encompass sharing data with third-party data brokers.

This development will bring increased visibility to the industry surrounding third-party adtech and analytics SDKs – essentially code from external providers that developers integrate into their apps to increase revenue.

“Data linked to you” refers to personal information connected to your identity, whether through your app account, your device, or other identifying details.

Apps may gather various types of data from users, including personal contact details (such as addresses, email addresses, and phone numbers); health and fitness information (obtained through APIs like Clinical Health Records, HealthKit, and MovementDisorderAPIs, or health-related research); financial information (including payment and credit details); location data (both precise and approximate); contacts; user-generated content (like emails, audio recordings, texts, gameplay data, and customer support interactions); browsing and search histories; purchase records; identifiers like user or device IDs; usage and diagnostic information; and more.

Developers are responsible for understanding not only the data their app collects, but also how that data is ultimately utilized.

For instance, if an app shares user data with a third-party, the developer must be aware of how that partner uses the data and for what purposes – such as displaying targeted advertisements, sharing location or email lists, retargeting users across different apps, or evaluating ad effectiveness. While developers must disclose data collection through Apple frameworks or services, they are not accountable for disclosing data collected directly by Apple.

Certain exceptions to these disclosure requirements exist, including data gathered through optional feedback forms or customer service inquiries. However, generally, almost all data an app collects must be disclosed. Even Apple’s own apps, not available on the App Store, will have their privacy labels published online.

Apps are also required to include a link to their publicly available privacy policy and can optionally provide a link to a page detailing their privacy options, such as managing data or requesting deletion.

The privacy information is presented on a dedicated screen within the app’s product listing, organized into easily understandable tabs that explain the types of data collected in each category, beginning with “data used to track you.”

Apple will not remove apps from the App Store for lacking this privacy information, but it will prevent apps from updating until their privacy details are listed. Consequently, all actively maintained apps will eventually include this information.

Apple’s implementation of privacy labels represents a significant advancement for consumer privacy and could set a new standard for data disclosure in app stores.

This move coincides with Apple’s own initiatives in the advertising technology sector, framed as a commitment to privacy. The company is prompting the adtech industry to transition from the IDFA identifier to its SKAdNetwork system – a change that has prompted Apple to postpone the transition from 2020 to 2021. The delay was reportedly to allow marketers time to adjust to potential revenue impacts, while also considering regulatory scrutiny regarding potential anticompetitive behavior within the App Store.

Facebook, for example, cautioned businesses that they could experience a 50% reduction in Audience Network revenue on iOS due to the changes removing personalization from mobile app ad install campaigns.

In response, Apple reduced its App Store commission to 15% for developers earning less than $1 million annually.

As these privacy changes unfold, Apple continues to leverage customer data to personalize ads within its own apps, including the App Store and Apple News. These settings are enabled by default but can be disabled in the iPhone’s Settings. App developers, conversely, will soon be required to obtain user permission before tracking their activity. Apple also operates numerous other services where it could potentially expand advertising in the future.

The consumer response to these new privacy labels will be closely watched. Apps that collect excessive data may see a decline in downloads as users become more cautious. Alternatively, consumers may overlook the labels, similar to their approach to other policies and terms of service.

Details regarding Apple’s privacy practices have also been published on a new website, Apple.com/privacy, which encompasses the App Store changes and outlines all areas where Apple safeguards consumer privacy.

These App Store updates were released alongside iOS 14.3 / iPadOS 14.3 and macOS Big Sur 11.1, which also include updates supporting Apple Fitness+, AirPods Max, the ProRAW format, and the privacy labels themselves.