Apple looks to plug App Store privacy hole with new personal data policy

Apple App Store developers will have to clearly and explicitly disclose how users' personal data is used, secured and shared under a new privacy policy that comes into force next month.

From October 3, the new App Store rules will require developers to submit a privacy policy for all new apps and app updates before they can be submitted for distribution.

To ensure privacy policies aren't tweaked after apps have been submitted, Apple say the policies will only be available to edit when a new version of the app is submitted.

Developer guidelines for apps state that the privacy policy must be available within the app in an "easily accessible manner" and must identify which data the app collects, how it is collected and used.

The new policy also means apps must detail any third parties that data is shared with -- such as analytics tools, advertising networks, and third-party SDKs -- and must ensure these parties are also compliant with the new policy.

Under the terms of the policy, the app must also explain its data retention and deletion policies, as well as informing users how they can revoke consent or request their data be deleted.

SEE: IT pro's guide to GDPR compliance (free PDF)

While Apple doesn't mention it in the update, the new privacy policy sounds in line with General Data Protection Regulation (GDPR), the European Union privacy legislation that came into force in May this year.

At its core, the regulation is designed to reflect the data-centric nature of the modern world and to update laws governing personal data, privacy and consent across Europe accordingly.

Designed to provide users with more control over their data, the legislation applies to any organisation that does business in Europe.

Apple's new privacy rules have already claimed at least one victim in the run up to October 3 -- Facebook's Onavo VPN app has already been 'voluntarily' removed from the App Store based on a request from Apple.

A source familiar with the app said Facebook was able to use the free virtual private network to monitor how iPhone users used their devices outside Facebook.

The incident is another black mark against Facebook's privacy policies following the Cambridge Analytica (CA) revelations, which found that up to 87 million users had their data "improperly shared" by CA.

READ MORE ON CYBER SECURITY

• GDPR: What's really changed so far?
• Only 20% of companies believe they're actually GDPR compliant TechRepublic
• Google, Facebook hit with serious GDPR complaints: Others will be soon
• Hundreds of US news sites unavailable in Europe two months after GDPR CNET
• How Cambridge Analytica used your Facebook data to help elect Trump