Data protection for apps (incl. cookie checklist)
The requirements for collecting cookies and complying with data protection regulations worldwide do not only apply to websites. Mobile app compliance is just as important. And to comply with mobile app regulations, app developers and app owners need to be aware of the laws that apply to them and their users when processing personal data.
Personal data, a key issue in data protection law, is collected in many different ways with users’ consent when they use an app. They can be collected during account creation, location tracking, usage analysis or in-app purchases.
In this article, we take a closer look at how you can achieve compliance for your apps, specifically what important privacy laws like the GDPR require apps to comply with when processing personal data, and how cookies are used in mobile apps and the legal requirements that app developers and owners must meet to protect user privacy in this changing legal environment.
Let’s start with the basics!
Obtaining consent for mobile apps
What is obtaining consent for mobile apps?
When collecting consent for a mobile app, the user’s consent is obtained via a banner or notice, similar to a website.
Well, regulations like the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the United States require an app owner to obtain consent from its users before collecting their personal data and may process. In addition, the iOS or Android app must provide information on how it shares personal data with third parties.
The personal data that can be collected includes, but is not limited to, location data, contacts, device information or browser history. The following is an example of how a user can select or deselect the category of personal data that they consent to the processing of.
What is the difference between mobile app consent and website consent?
The basics of consent are the same for both mobile apps and websites. However, the main differences lie in the user interface and the platform.
- The platform: Mobile app consent refers to applications developed for mobile devices such as smartphones and tablets, which are typically installed and run directly on the device. Web consent, on the other hand, applies to websites and web-based services accessed through web browsers on different devices.
Due to the above factors, it is important that each CMP also provides the ability to create cookie notices that target different user interfaces and devices, such as browsers. B. mobile devices, can be adjusted.
👉 In a hurry? Then click here for a checklist with all requirements.
Does the General Data Protection Regulation (GDPR) also apply to apps?
Yes, the GDPR applies to mobile apps that collect, process or store personal data from individuals within the European Union (EU). Furthermore, the GDPR has an extra-territorial scope, meaning it applies not only to companies based in the EU, but also to organizations outside the EU that offer goods or services to people in the EU or monitor the behavior of people in the EU.
So if your mobile app collects personal data from EU residents, the requirements of the GDPR apply to you, regardless of where your app or business is based. Personal information includes any information that directly or indirectly identifies an individual, such as B. names, email addresses, location data, IP addresses or device identifiers.
Now that we know how important it is to get consent, here are a few pointers on how you can do the same.
How can I make my iOS or Android app GDPR compliant?
In general, to ensure your iOS or Android app is GDPR compliant, you can follow these steps:
- Learn about the GDPR: Understand the requirements of the GDPR and become familiar with the principles, rights and obligations set out in the regulation. Visit the official information page here.
- Know your data: Conduct a thorough audit of the personal data your app collects and processes across iOS and Android platforms. Identify the types of data, the sources of data collection and the purposes for which the data is processed.
- Determine which laws you need to comply with: Determine and document the legal basis for processing personal data under the GDPR. This includes obtaining the user’s consent, performing a contract, complying with a legal obligation, protecting vital interests, performing a task in the public interest or pursuing legitimate interests.
- Make sure you get user consent: Implement a clear and explicit consent mechanism in both the iOS and Android versions of your app to get user consent before collecting or processing any personal data. Users should be able to give specific consent for different types of data processing activities.
- Users should be able to exercise their rights: Allow users to exercise their rights under the GDPR, e.g. B. the right to information, correction, deletion and restriction of the processing of your personal data. Provide mechanisms in applications to allow users to easily exercise these rights.
- Third-Party Providers: If your application uses third-party services or SDKs that collect or process personal data, review their privacy practices and ensure they comply with the requirements of the General Data Protection Regulation. Enter into data processing agreements (DPAs) with these third parties.
Checklist: Cookie Banner Requirements for Obtaining Consent in a Mobile App
Is the cookie banner displayed clearly and prominently? The cookie banner should be easily recognizable to the user when they visit your mobile app.
Can users enable different types of cookies? Users should be able to specify the type of cookies they consent to. For example, offer the ability to enable or disable certain categories of cookies, e.g. B. essential cookies, functional cookies, analysis cookies or advertising cookies.
And that was it!
Mobile compliance for apps: When in doubt, start here
Make sure you provide your users with a legally compliant app (iOS or Android) that complies with GDPR (for EU) or US data protection laws . To make sure you don’t forget the above steps, we’ve compiled these tips into a neat visual checklist that you can download here for free !
Do you have a website and are unsure whether you are processing personal data? Or do you not know which data protection laws apply to you?
Then start here with our free website cookie crawler , which will scan your website and send you a list of recommendations straight to your inbox
*do schema markup