GOOGLE PLAY STORE DEVELOPER? Comply with new privacy rules or risk getting purged

Beginning in February, Google has been sending notices to app developers that Google intends to limit the visibility of (i.e., remove) Google Play Store apps that do not conform with Google’s current User Data policies. An app would be in non-compliance with these policies if (1) it does not have a privacy policy, (2) the privacy policy it has does not conform to Google’s requirements, or (3) the information gathering activities either do not conform to Google’s requirements or are not properly reflected in the privacy policy or elsewhere.

app-store-1174440_1920.jpg

What's going on?

Google has not made a public announcement of its intentions, but has instead so far limited itself to sending notifications to specific app developers. However, it is clear that this is all a precursor to a massive purge of apps from the Play Store. The primary targets are the plethora of zombie and low performing apps clogging the Play Store. However, other legitimate apps could also get swept away during this purge.

The privacy requirements that must be complied with as stated in the current User Data policies include:

  • There must be transparency has to how you handle regular user data, such as data about a user, and data collected about a user’s use of the app or device.
  • This transparency applies to what is collected and how the user data is used, and shared.
  • The actual collection and use of the user data must be consistent with the disclosure to the user.
  • If personal or sensitive user data is collected (including personally identifiable information, financial and payment information, authentication information, phonebook or contact data, microphone and camera sensor data, and sensitive device data), then the app must also (i) post a privacy policy in both the designated field in the Play Developer Console and from within the app itself and (ii) handle the user data securely, including transmitting it using modern cryptography (for example, over HTTPS).
  • If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use. This requirement is in addition to the contents of the privacy policy.
  • The privacy policy must, together with any in-app disclosures, comprehensively disclose how your app collects, uses and shares user data, including the types of parties with whom the data is shared.

Our recommendations: 

  1. If you don’t have a privacy policy, quickly create one that complies with all of the requirements of the Google User Data Even if you don’t think you are handling personal or sensitive data, and therefore are not required to have a privacy policy, it would still be advisable for you to have a privacy policy in order to avoid any issues with Google.
  2. If you already have a privacy policy, then review and revise it if necessary to conform with Google’s requirements.
  3. Verify on a regular basis that your privacy policy accurately reflects your data collection, use and disclosure
  4. If you need additional disclosures beyond the privacy policy, as mentioned above, then get those into place.
  5. Post your privacy policy in both the designated field in the Play Developer Console and within the app itself.

We can help

If you need any assistance preparing or reviewing your privacy policy or disclosures, or have questions about complying with the Google User Data policies, please contact us. In most cases, we are able to prepare privacy policies for a very reasonable flat fee.

You can schedule a free consultation via this button or contact us using the contact form below.

SCHEDULE A FREE CONSULTATION NOW

 

Share This Story, Choose Your Platform!

William Galkin manages GalkinLaw. Mr. Galkin has dedicated his legal practice to representing Internet, e-commerce, computer technology and new media businesses across the U.S. and around the world. He serves as a trusted adviser to both startup and multinational corporations on their core commercial transactions.