Apple to roll out privacy 'nutrition labels'

App developers will soon be required to add privacy "nutrition labels" to their Apple App Store listings detailing how they intend to collect data from users. 

Apple first announced the concept, a bid to empower users to make informed choices before they download an app, at the Worldwide Developers Conference in June as part of a range of privacy features expected for iOS 14. At the time, Apple presenters compared the data disclosures required of app developers to the nutrition labels on packaged groceries.

But the feature did not form part of Apple's new operating system launch in September. 

The iPhone maker alerted developers that they will be required to disclose their data practices upfront in an update last week (November 5), ahead of the feature launch on December 8.

The feature is designed to make it easier for users to understand how apps track their activity. This information is currently available in privacy policies, but the average user is unlikely to trawl through pages of policy documents that often contain convoluted wording.

Under Apple's new rules, this information will be provided upfront in a clear and simple format within the App Store. In a mockup on Apple's developer website (see above or click here for a bigger version), the data practices are split into three buckets: 'Data used to track you', 'Data linked to you' and 'Data not linked to you'. Each section contains bullet point answers, with a link to the developer's privacy policy to find out more detailed information.

Apps will have to disclose all the data they and third-party partners (analytics tools, advertising networks, third-party SDKs or other external vendors) collect from a user, including contact information, health and fitness, financial info, location, sensitive info, contacts, user content, browsing history, search history, identifiers, purchases, usage data and diagnostics.

Each collected data type has to correspond to a particular purpose, such as advertising or analytics. Developers will also be required to identify whether each data type is linked to the user’s identity, and how the app or third-party partners use data to track users and, if so, which data is used for this purpose.

The only data collection practices that need not be disclosed are those that are not used for tracking, advertising or marketing purposes, or that are unrelated to the primary purpose of the app—for example an optional feedback form or customer-service request.

One potential issue with the new feature, is that Apple will not verify the veracity of the information disclosed by app developers. The tech company is relying on developers to be accurate and update the privacy labels if their data-collection practices change. This opens up the possibility of misrepresentation.