In July 2021, Google announced that it would update the data safety section applicable to apps on their Play Store. The company stated that these policies would come into effect in late April 2022, and it followed through on that declaration. Last month, numerous apps were removed from the Play Store for breaching Google’s updated data privacy and data processing policies.
After discovering that many publishers needed more time to adapt their apps to satisfy the new requirements, Google extended the deadline for compliance to July 20th instead. Therefore, if you intend to keep your app live on Play Store past that date, you must acquaint yourself with these policies and undertake measures to ensure compliance.
Updated policies
Developers must clarify what kind of user data their apps collect and elaborate on the measures that they have implemented to safeguard this data through protective mechanisms like encryption. This also applies to data that is collected or shared via third-party libraries or SDKs that are embedded within their apps. As such, it is important to evaluate your SDK providers’ published data safety policies to make sure they comply with Google’s new requirements. Recently, Google removed dozens of apps for hosting an SDK that collected sensitive data without user consent.
All this information can be provided on a form in the new data safety section within the Play Store Console. After submitting this form, your app information will undergo an app review process by Google. After verification, this information will be showcased on the store listing so that Google Play users are made aware of your data privacy and data sharing practices prior to downloading your app.
These policy changes apply to all apps on Google Play – including those on production, closed, or open testing tracks, as well as apps that do not collect user data. If Google discovers falsified information on your form, it will execute the required enforcement action (which includes removing the app from the platform and potentially banning the app for a specified time period).
- Be a part of the app itself – In addition to the app description and website
- Be displayed during regular usage without requiring users to access the menu or settings
- List the data being accessed or collected
- Describe how the data will be shared and/or used
- Accessible easily without having to read a privacy policy or terms of service
- Precede a page that requests user consent
The app’s user consent page must:
- Provide a clear and easily understandable consent dialogue
- Request affirmative user action (e.g., tick a checkbox, tap to accept)
- Not treat exiting the page as consent
- Not acquire user consent through expiring or auto-dismissing messages
The app’s privacy policy must:
- Provide a point of contact of the publisher for facilitating inquiries
- Disclose the types of sensitive and personal information the app accesses, collects, shares, and uses – as well as information on third parties that this data is supplied to
- Explain the publisher’s data storage and deletion policies
- Be clearly labelled as a privacy policy in the page title
- Be made available on an active URL and be non-editable.
How Quadrant can help you ensure compliance
Modifying your app to make sure it satisfies the updated data safety framework – by yourself – is certainly a daunting task.
However, you do not have to do this alone!
To promote data compliance and improve transparency between publishers, users, and vendors in the data economy, we created Quadrant’s Consent Management Platform (QCMP). QCMP comes in the form of a lightweight SDK that can be integrated with only a few lines of code and fulfils all the conditions that must be met for in-app disclosure and user consent pages.
QCMP also offers flexibility by allowing publishers to make amendments to consent forms without releasing app updates. It even has customised options that allow users to opt in or out of sharing data with specific 3rd party partners.
Google is a supporter of the IAB’s Transparency & Consent Framework (TCF) v2.0. Since IAB approves of QCMP – which evolves alongside data privacy regulations - publishers can benefit from the platform by keeping their apps safe. Moreover, apps that rely on ads-based monetization can attract top-tier advertisers with IAB approval.
QCMP stores all consent records on an immutable blockchain – which is why you’ll be ready if and when regulators audit your app.
To learn more about how to leverage QCMP for ethically monetizing user data, visit our knowledge base by clicking here.
Alternatively, fill in the form below and one of our consent management experts will get in touch with you.