Apple’s New App Data Collection Rules

Home » Blog »


Share on facebook
Share on twitter
Share on linkedin

Get a Free Compliance Review

Our trusted legal counsel can help ensure your business stays compliant.
  • This field is for validation purposes and should be left unchanged.
Print Friendly, PDF & Email

June 19, 2018 

App Data Collection Rules

Two weeks ago, Apple Inc. (“Apple”) attempted to quietly change its app data collection rules in its App Store to restrict how app developers use, transmit, share, and even sell iPhone owners’ personal information. In a regulatory and societal climate of increased concerns over the privacy and security of personal data, Apple tightened its app data collection rules in order to provide users with a greater ability to control their personal data in the App Store marketplace.

What do Apple’s changes entail?

The influence of the General Data Protection Regulation (“GDPR”)—recently enacted in the European Union (“EU”)—is clearly having an impact in the United States, as domestic companies revise their personal data collection, use, sharing, and storage policies—regardless of location. In fact, the State of California has proposed the California Consumer Privacy Act, reflecting many of the core data protections contained in the GDPR, in particular, providing consumers with better control and access to their data.


On its own volition, Apple revised its App Store Review Guidelines to prevent app developers from engaging in certain app data collection activities in the future. Importantly, and irrespective of whether app developers obtain consent from iPhone owners, app developers are now prohibited from: (1) building a database of iPhone owners’ digital address books; and (2) sharing databases with third parties and/or selling that information. Further, app developers are restricted from collecting and sharing personal data without permission from users and “must provide [users] access to information about how and where the data will be used.” In addition, the new app data rules prevent app developers from:

  • using consent to access data—such as an address book—for one purpose, only to be used for another purpose without obtaining additional consent;
  • sharing data with third parties, unless the data is used to improve the app or for advertising purposes;
  • collecting information regarding other apps that are installed on a user’s device;
  • sharing with third parties any data collected from Apple Pay for any purpose other than to “facilitate or improve delivery of goods and services;” and
  • contacting people using information collected from a user’s contacts unless the user explicitly consents, on an individualized basis, and the developer provides a clear description of how the message will appear and who the message is from.

Apple’s new app data collection rules appear to align with Apple’s stated philosophy to forgo the monetization of customer data.  

Repercussions for App Data Collection Rule Breakers

For those app developers who disregard Apple’s new rules, they run the risk of being: (1) banned from the App Store; (2) sued by Apple for violating its rules; or (3) sued by the individual whose information was improperly obtained. Given the new restrictive App Store rules, mobile app operators should review their app data collection policies and be sure to keep records of consent from their users.

If you are interested in learning more about this topic or need assistance with Apple’s new app data protection policy, please e-mail us at, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney.  Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.  

Attorney Advertising

Related Blog Posts:

Tips for GDPR Compliant Privacy Policies

Update on California’s Email Marketing Bill AB-2546

 FTC Updates Guidance on COPPA Compliance

Trending Topics

SMS Text Messages and the TCPA- Klein Moynihan Turco LLP

SMS Text Messaging and the TCPA

Print Friendly, PDF & Email

Short Message Service (SMS) text messaging has become a ubiquitous form of communication for people over the last decade.  Consequently, marketers and advertisers who are

Read More »