Keep in mind that Google plans to make some changes to its User Data guidelines in December 2023. These changes include requiring apps that allow users to create accounts to also allow users to delete those accounts. Additionally, all app developers will need to review their Data Safety Forms.
The Data Safety Form not only helps with compliance but also shifts some liability from Google to you if your app developer violates data privacy laws. So, it’s crucial to understand which data privacy laws apply to your app and provide accurate information for compliance. Your Data Safety Form undergoes review by Google as part of the app review process before it’s allowed to go live on the Play Store.
Google has recently updated its policy regarding sensitive permissions and Android apps. In a nutshell, this policy states that any application programming interface (API) requesting to collect sensitive information from users must be user-friendly and adhere to stricter guidelines. Moreover, the collection of sensitive data must be necessary to implement the current features or services your Android app offers.
Sensitive information includes data that can identify someone, such as usernames, email addresses, names, financial and payment information (credit cards), device location, SMS data, microphone, camera, phone book information (mobile numbers), and authentication information. This data is subject to stricter storage and consent regulations under various data privacy laws.
For instance, in the U.S., the Children’s Online Privacy Protection Act (COPPA) sets strict guidelines for apps targeting children. Data privacy laws impose rigorous requirements on entities processing data from young app users.
Some of the laws with broad reach include:
Under GDPR, you must inform users about who is processing their information, why it’s being collected, if the collected information gets shared with third parties, and how users can exercise their rights, such as requesting data deletion or withdrawing consent.
This law aligns with European GDPR but recognizes England’s separation from the European Union.
CCPA mandates that you disclose the types of personal information collected, the reasons for collection, and whether you share or sell it to third parties.
Follow these steps to add it: