How to check if your app is compliant with privacy regulations

Usercentrics’ Mobile Apps SDK helps app developers achieve compliance and build trust when requesting and processing users’ data.
by Usercentrics
Feb 8, 2022

We often see confusion among app developers and website owners about how to ensure that their app is privacy compliant, particularly if it’s in use in multiple regions or globally.

If they achieve compliance with one regulation, such as the General Data Protection Regulation (GDPR), is that stringent enough to enable compliance with a similar law, like Brazil’s General Data Protection Law (LGPD)? And what about laws like the California Consumer Protection Act (CCPA) that use a different consent model?

What are the best practices for data privacy compliance?

Ensuring your app is compliant with current data privacy legislation comes down to fulfilling a number of fairly standard criteria, as outlined below. While these are based on the EU’s current regulations, they represent solid best practices, whatever jurisdiction you are under.

  • Prior – any technologies not covered by legitimate interest [GDPR Art. 6(1)(f)] should only be loaded if the user has given their consent
  • Explicit – consent must be given explicitly, e.g. through a click or other activity such as ticking a box. An implicit consent (“If you do not opt out we will consider you to have opted in”) is not valid
  • Easy to opt out – the user’s consent must be as easy to withdraw as it was to give
  • Freely – consent must be given freely, and access to services not technically necessary to provide the service must be possible without consent
  • Granular – the reason for the data collection must be explained in a detailed, granular manner; a general consent is not valid
  • Informed – all relevant information, such as the purpose of the data processing and the name of the entity doing the processing, must be available to the user at the point of asking for their consent
  • Documented – the app or website operator must be able to prove they had consent and that the consent meets the requirements of a valid consent

What steps do app developers need to take for privacy compliance?

As an app developer, what are the steps you need to take to achieve privacy compliance?

The first is to run a thorough assessment of the SDKs and third-party trackers running in your solution. This is essential for creating a privacy banner that explains to users what data the app collects and for what reasons.

Why are the steps for compliance different among operating systems?

iOS and Android versions of the same app will likely have different services integrated. The iOS version might have 25 services, while the Android version could have 35. To display an accurate privacy banner for users on both the iOS and Android operating systems, and thus to be able to achieve privacy compliance, you need to know what those services are.

What kind of data does each service collect, how is it collected, and for what purposes? All of this information needs to be openly and transparently shared with app users before any data collection happens.

How does achieving privacy compliance benefit user experience?

By doing so, you ensure the user understands the request and demonstrate your commitment to their privacy and responsible data usage, which increases the likelihood of gaining the user’s consent for the data collection now, and in the future.

The Usercentrics Mobile App SDK can help you communicate your data collection practices to your app’s users by enabling you to:

  • collect, store and manage user consent choices
  • pass the information to the third-party technologies your app uses
  • communicate your privacy practices to your app users with a customizable UI that respects your app design and branding
  • optimize your app UI to increase trust and increase opt-in rates

If you have questions about how privacy regulations are applicable to your app and how to ensure you retain great user experience, we’re happy to help. Contact one of our experts today.
