Data privacy and user consent are vital when developing and operating a mobile app or game. Without them, you risk breaking trust and breaching legislation.
Many mobile apps have already been penalized for not meeting the requirements of global data regulations like the California Consumer Privacy Act (CCPA), Brazilian General Data Protection Law (LGPD), ePrivacy, and the EU’s General Data Protection Regulation (GDPR).
GDPR came into effect in 2018, giving individuals control over their personal data and setting the pace for similar regulations around the world. It requires app owners to seek explicit consent from customers before they’re allowed to collect, use, or sell any personal data.
This means you need mobile app consent for data such as location, name, address, telephone number, biometrics, health, or financial data. It also covers cookie consent and any data that can identify an individual, like IP address.
Mobile apps and games have important reasons for gathering this data — often to improve functionality and deliver a better app experience. We’ll share five best practices for obtaining and managing mobile app consent.
What is mobile app consent?
Mobile app consent involves asking for explicit permission before accessing or using a client’s personal data.
Along with being a regulatory requirement, this is a cornerstone of building trust and loyalty with app users and mobile gamers. By clearly outlining what data is being collected and the purpose behind it — such as a personalized app experience, improved service delivery or access to special features — individuals can make informed decisions about their privacy.
Mobile app consent typically works by presenting clear, easily understandable choices regarding customer data.
This often includes a clear way to opt in or opt out of data collection for certain features, along with a detailed explanation of how data will be used and what security measures are in place to protect customer information.
5 top app consent best practices
Here are five proven strategies to navigate mobile app consent, so you can deliver an outstanding app experience while ensuring compliance.
Following these best practices will help you communicate with clarity, offer meaningful choices and respect customer preferences — to ultimately build a solid foundation of trust and transparency with your users.
1. Timing is everything: present disclosure at the point of request
An app user is far more likely to grant you permission to use their data if they understand exactly what you’re asking for and why you’re asking for it. They’ll be even more likely to do so if you make it clear what’s in it for them if they grant permission.
It’s recommended — and often legally required — to present disclosure when you request to use an individual’s data.
For example, let’s say your app is for a fashion retailer, and you offer a free home delivery service. If you ask a customer for consent to use their location data while they’re browsing men’s shirts, it likely won’t be clear why you need that data.
However, if you present that same consent request while the customer is checking out and arranging the delivery, your request will make better sense; you need their location data to provide the delivery service.
Being upfront, transparent and clear about the data you need, and about what’s in it for your users, helps to build trust and ensures your customers can make informed decisions.
2. Give the consumer the choice to decline consent
While we all want our mobile app users to grant consent, it’s important to provide a clear and simple way for them to decline. It should also be easy for individuals to change their mobile app consent preferences at a later date, as this is a legal requirement of some privacy laws.
And it’s a violation of GDPR to make consent a condition of use. If a consumer declines consent and that data is necessary to power a certain feature, then degrading that feature on your app is a better approach than denying full access.
Using the example from before, if a consumer declines your request to use location data and then realizes that they can’t see where their delivery driver is, they may want to change their mind and grant consent. Make this as easy for them as possible.
Under GDPR, mobile app consent must be explicitly stated, so be clear and transparent with your requests and offer both “accept” and “decline” options equally.
3. Request explicit consent for each use case in clear, friendly language
In the early days of the GDPR, some apps tried to gain user consent by writing vague or confusing consent messages. This is not a viable tactic.
Not only has enforcement ramped up, but consumers are far more knowledgeable about what data might form a part of any mobile app consent process — and what their rights are.
Being explicit, clear and transparent will help to build trust while giving your app users the best chance to make an informed decision.
When you use clear language that makes sense to your customers, they’re more likely to grant you consent to use their data. Google recommends writing your mobile app consent messages to the reading age of a 13-year-old. (Under many laws, 13 is the age when individuals can legally provide consent, rather than requiring a parent or guardian.)
4. Use disclosure prompts that look like your app and not like the operating system (OS) notifications
Your disclosure prompts shouldn’t look like OS notifications, as this may confuse your consumers. You want your customers to be clear that it’s your app — rather than Apple or Google — that’s asking to use their data.
Let’s refer back to the example of a fashion retailer mobile app. If a mobile app user understands that you, the shopping app, are asking for consent to use location data to track deliveries, there’s a good chance that consent will be given.
By comparison, if a user mistakenly believes that the OS is asking for consent for the use of location data, they may think they’re giving permission for all apps to use their location data, and decline.
To help clarify this, customize your user interface with a seamless look and feel — including fonts and colors that match your app. Then optimize your user experience and place your consent request where it makes contextual sense. Both will be possible with a good consent management solution.
5. Be transparent, clear and specific with your consent requests
Consumers are increasingly educated about their data rights, so trying to distract or confuse them is a risky business — both for user trust and regulatory compliance.
To build long-term, trusting relationships with your customers, be transparent, clear and specific in your consent request. The GDPR requires consent to be “freely given, specific, informed and unambiguous.”
Write in clear and simple language that’s easy to understand, as your mobile app users often won’t spend much time deciding to accept or decline consent. If your audience is global, being able to present information and requests in multiple languages is also valuable.
Be clear what users get out of the transaction in return for granting consent. People want to know what’s in it for them, so make sure all cards are on the table.
Manage mobile app consent with Usercentrics
Effective consent practices include asking for consent at the right time, allowing users to say no, using clear language for each request, making sure consent prompts match your app’s style, and being transparent and specific with your requests.
Also remember to use simple language that a 13-year-old could understand, as suggested by Google. While it’s good to keep things brief, detailed explanations are better if they help readers understand. Plus, if you’re sharing data with third parties, explain who they are and why they need the data.
Achieving privacy compliance need not be a headache. A CMP, such as the one offered by Usercentrics, can help you manage the processes of obtaining, managing and optimizing mobile app and website consent.