Follow the 3-step guide
Privacy policies for mobile apps are a pain. Dark as night for many a developer/designer.
This 3-step guide addresses the WHY and WHERE about mobile privacy compliance.
USA & more: California law requires mobile apps that collect personal information to have a privacy
European countries: Europe's data protection think tank says that the relevant information about the data processing must also be accessible from within the app, after installation. That way you make sure that the user does not have to search for it anywhere else.
Keep in mind that writing privacy policies for apps is special because of the small screen. Therefore you should:
As a last integration step into the app you may want to think about the special circumstances of the mobile ecosystem and bake in "enhanced measures".
Europe: The essential scope of information about data processing must be available to the users before app installation, via the app store, according to Europe's privacy think tank, the Article 29 Working Party.
app platform, before they download the app.
App stores: The app stores themselves require privacy policies more and more often. This is part of a push by California's AG to get Amazon, Apple, Google, Hewlett-Packard, Microsoft, RIM and Facebook to improve the privacy situation in the mobile sphere.
App Store Review Guidelines · Google Play Developer Distribution Agreement · App Certification Requirements for the Windows Store · Amazon Appstore App Distribution Agreement · Firefox Marketplace Review Criteria
The Article 29 Working Party (Europe's privacy think tank) recommends that information about personal data processing is also available, and easy to locate, such as within the app store and preferably on the regular websites of the app developer responsible for the app.
On websites, privacy policies usually go in the footer, where they can be accessed from every page.
P.S. It makes sense to include both the website's and the mobile app's data processing in the same policy in this case.
This guide is the result of my work at iubenda, but is intended to serve more than just this company's interests. Also, please understand that this isn't legal advice and doesn't create a client-attorney relationship. If you want to be completely sure about what you're doing, then hiring a good lawyer is always the safest option.
Nonetheless, I hope this guide helps you on your way to privacy-related compliance. Feedback is very welcome.