On October 6, 2021, Apple introduced a new guideline for App Store submissions. The requirement applies to any application owner who intends to submit a new application or update an existing one starting on January 31, 2022.

From this date forward, applications that allow users to create accounts must also enable users to request account deletion within the application, including for accounts created via social sign-on. This move significantly expands the jurisdiction of current privacy regulations from specific territories and residents to global App Store users.

Register for the January 11 webinar: Operationalizing iOS App Account Deletion

Following the many privacy features and requirements Apple has introduced over the past 18 months — including privacy nutrition labels and the AppTrackingTransparency (ATT) prompt to “Ask App not to Track” — it’s clear Apple is taking global privacy regulations seriously by tightening its requirements around account deletion requests. 

This should come as no surprise. 

The tech giant has boldly promoted its privacy-first values for some time now, making it clear they prioritize the security of their customers. In addition, some of Apple’s direct competitors already offer the capability to unlink social sign-on, so it makes sense they’d release this feature, too.

Most regulations call for businesses to require their third-party vendors and partners to comply with data subject access requests (DSARs) and deletion requests. For example: 

  • CCPA’s “Right to Deletion”: A business must direct its service providers to delete related personal data as permitted by law. 
  • ICO’s “Right of Access”: An individual has the right to request the erasure of their personal data or the restriction of personal data processing with third parties. 

Apple may be anticipating stricter enforcement in the future. 

As a result, Apple intends to protect its App Store — with a projected $85.1B in revenue in 2021 — by requiring its service providers to operationalize compliance.

What Are the New iOS Account Deletion Requirements?

Starting January 31, 2022, everyone who submits apps, bug fixes, new features, or other updates to Apple must enable account deletion within the app interface. 

Approval will be contingent on the app providing an account deletion feature, link, form, or another method that initiates the process. The requirement applies to new and existing applications.

Apple’s new guideline also covers social media sign-ins, commonly known as social sign-on. Application owners must provide an easy method for users to disassociate the social media accounts they used to sign into the application.

Preparing for the New Apple Account Deletion Requirements

The compliance deadline is just around the corner, and application teams have a handful of weeks left to prepare for the Apple account deletion requirement.


In addition, the holiday season often brings tech freezes from IT, and teams take well-deserved time off in December and January. As a result, the timeframe to pursue Apple’s required changes may be shorter than expected. 

To move forward quickly, teams need an accessible solution that will operate within existing applications and support a seamless transition to compliance. Otherwise, teams will run the risk of having their applications denied by Apple and experience disruptions to mobile app development roadmaps. 

Ideally, teams can also work with a solution that will provide guidance around the technical requirements for a timely review with the App Store. 

You shouldn’t stop there, though. In fact, you need to prepare now for a privacy landscape that will continue evolving. 

With Apple taking the first step, it’s probably safe to assume Google will release something similar for their Android devices. In addition, as consumers become more informed about their privacy rights, it will be essential to prepare for increasing volumes of account deletion requests. 

Businesses shouldn’t just view this as a one-off occurrence. Instead, they should prepare a broader strategy to adjust their plans for the long term.

Preparing to Mature Your Privacy Rights Processes

If you own an app on the App Store, you may choose to comply with this update simply by adding a visible link for users to delete their account.

While that’s an acceptable way to meet Apple’s requirements, you’ll also need to be prepared to make sure the appropriate updates are made to your database. At the very least, the account named in the deletion request will need to be removed from your identity platform.

Forward-thinking app developers will take this update a step further by seeing it in light of their broader privacy program. For example, if someone requests account deletion from your app, it may be wise to remove them from additional subscriptions or data storage. This would include any vendors, third parties, or service providers who may have access to that account information.

Coordinating the removal of data presents challenges. You must maintain the integrity of the data, while also performing the deletion quickly. 

Automation provides a helpful solution for the new Apple account deletion requirements. By establishing action-based rules, mobile app developers can enable users to initiate account removal within the app interface in compliance with App Store requirements. In addition, you can set up automated rules for users to easily unlink social media account logins. 

OneTrust Privacy Rights Automation helps privacy teams comply with today’s requirements from Apple for account deletion. It also creates a foundation for more robust data deletion requirements across the customer journey as privacy regulations continue expanding.

With OneTrust Privacy Rights Automation, businesses can: 

  • Provide mobile-app developers with an out-of-the-box solution for account deletion 
  • Reduce the risk of apps not being approved by the App Store by providing the technical requirements and resources necessary to get through a speedy review process 
  • Expand customer relationships in the mobile landscape to include how their data gets handled offline
  • Support technical requirements of data deletion requests while meeting compliance requirements including legal hold, records of deletion, and secure methods of communication

Find out how easy it is to get started with OneTrust DSAR Automation. Request a demo today!

 


Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on privacy rights automation.