Apple Sets the Tone for In-App Data Privacy
The iOS app store requires an end-to-end workflow for in-app account deletion for any app that requires a customer to create an account.
The App Store Review Guideline 5.1.1 (v) has always required applications that collect data through account creation to offer account deletion in the app. But the new Apple account deletion requirement goes further by requiring a simplified end-to-end deletion workflow to complete in-app deletion, including all personal data.
According to the latest news and updates listed on Apple’s developer site, an organization must implement these exact requirements when creating and updating apps:
- The account deletion option should be easy to find in your app.
- If your app offers Sign in with Apple, you’ll need to use the Sign in with Apple REST API to revoke user tokens when deleting an account.
- It’s insufficient to only provide the ability to temporarily disable or deactivate an account. People should be able to delete the account along with their personal data.
- Apps in highly-regulated industries may provide additional customer service flows to confirm and facilitate the account deletion process.
- Follow applicable legal requirements for storing and retaining user account information, and for handling account deletion. This includes complying with local laws in different countries or regions. As always, check with your legal counsel.
The Challenge with Meeting Requirements
If an app requires a customer to create an account, that same customer needs to be able to easily request their data be deleted. Companies need to be able to confirm the account deletion, which includes the deletion of personal data. Once a consumer requests an account to be deleted, the data should no longer exist in any systems in order to comply with Apple requirements.
Non compliance can affect companies in a number of ways, including:
- Removal: Non-compliance can lead to the removal of iOS apps
- Lost Revenue: Reduction in financial opportunities to profit from users
- Loss Users: Decline in users if no longer present on the app store (in-app traffic)
- Regulatory Fines: The fine for non-compliance can be hefty
- Brand Trust & Reputation: Brand loyalty is hard to regain once consumers lose trust
For example, a dating app that requires user sign-ups tends to capture an abundance of personal information, especially information considered to be sensitive and personally identifiable data. So, it’s easy to see why Apple would implement these requirements given the liability on their end as a third party. But this is an example of what Apple does right; thinking about users’ privacy and needs will only build trust and increase brand loyalty.
How BigID Can Help Companies Meet Apple’s App Store Requirements
With BigID, organizations can improve their data privacy posture and align with evolving compliance demands. Companies can easily:
- Find their customers data to easily remove accounts
- Create a customized U/X with our privacy portal for customer request intake and completion
- Manage data rights request – from the right to access to deletion
- Fulfill account deletion requests by users with automated deletion workflows
- Communicate with all users the status of their data rights request
- Achieve compliance with Apple’s in-app deletion requirements
Schedule a BigID demo to learn more about how your organization can implement an end-to-end workflow for complete account deletion today.