Digital privacy took another step forward this week as Google followed Apple and announced it will begin requiring app developers to provide far more information to users about the personal data they collect and share. Specifically, in its “pre-announcement,” Google said its Play Store will “help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security.”
Beginning in January 2022, developers will be required to disclose:
- The extent of an app’s security practices, like data encryption
- Whether the app follows the Google Families policy
- The specific types of data collected and how each is used
- Whether app needs the data to function
- Whether users have a choice in sharing personal data
- Whether the information in the app’s safety section is verified by an independent third party
- Whether the app enables users to request data deletion, if they decide to uninstall
As with Apple, Google will make developers responsible for providing truthful content and updating it regularly.
Google’s so-called “privacy nutrition label” includes an important new transparency requirement – consumers know whether the information provided in the “privacy nutrition label” has been verified by an independent third party. IDAC has long advocated for periodic third party auditing of apps and hopes that the new transparency requirement will incentivize app developers to adopt independent auditing as a best practice.
As we noted in our Apple Privacy Nutrition Labels policy brief, this is an important start, but given the scope and complexity of the challenge, it is just a start. It’s the beginning of the answer but it’s not the complete answer.
For Apple and Google’s nutrition labels to meet their promise, the companies must ensure users know about the new rules, that the labels are easy to find and understand, and that they take steps to ensure the labels are accurate, including auditing and rigorous oversight.
If they don’t want to continue to get plucked apart under the self-reporting regime, platforms need to make additional enhancements to make these labels work, to ensure there is proper oversight and penalties for those who don’t follow the rules.
As a digital watchdog, IDAC intends to continue to use its investigative skills to add an additional layer of accountability to the apps ecosystem.