iOS app account deletion FAQs

Your top questions answered

January 24, 2022

On June 30, 2022, Apple will add new requirements: apps that support account creation must also support the initiation of account deletion. With tech freezes and mobile development roadmaps already in place, the last thing businesses need is rejection from the App Store.

We recently had a webinar discussing what Apple’s new requirements mean for your business, and how to reduce the risk of not being approved by the App Store. In this article, we answer the most popular questions from the audience. 

Watch the webinar: Operationalizing iOS App Account Deletion

Does the iOS app account deletion requirement apply to all in-app users? Even non-CCPA/GDPR folks?

The account deletion function requirement as currently worded appears to apply to all iOS apps that get submitted for App Store approval. This would include new iOS and tvOS apps as well as any apps seeking approval for an update.

Do entities that are required by law to retain account information for several years (e.g., healthcare, banking) still have to comply with the iOS app account deletion requirement?

The current requirement is to allow for account deletion. As mentioned, there may be exceptions and superseding retention requirements to which the account information is subject. As always, it is recommended to consult with legal counsel on what information you would want to delete on the back end of an account deletion request.

Does the iOS app account deletion require data to be permanently deleted or can the data be kept anonymized and de-identified?

The current requirement is to allow for account deletion. There is no mention of anonymization or de-identification.

It’s not always easy to delete an account when you have a subscription that doesn’t end for another 11 months. What is the view on apps that also have a subscription component? Also, how do you manage account deletion via Apple/OneTrust when the customer has an outstanding obligation (e.g., an active account with a service/contract)?

OneTrust can automatically check a customer database to determine if there is an active subscription or outstanding obligation that should prevent the account deletion from being activated. Under these circumstances, OneTrust can respond indicating an exception and prevent the deletion from being executed. For customers where complete automation is not possible, a manual task can be triggered. Once it is completed, the in-app or email notification back to the end user can be delivered.

How can we authenticate the user to prevent fraud issues before deleting the account?

OneTrust can support app authentication as well as a variety of prebuilt verification methods to support authentication and help prevent fraud. Most customers will want to leverage the same method of verification used today when a user accesses an app prior to allowing for deletion.

Can you discuss any Android / Google Play requirements that are similar to the iOS app account deletion requirement?

At this time, there is no known equivalent requirement for apps submitted to the Google Play store. OneTrust will continue to keep a pulse on the regulatory environment. OneTrust DataGuidance is a great way to subscribe to the specific regulatory and technology industry changes that may impact your business. For more information on how you can keep up with the latest changes, check out DataGuidance.

How OneTrust Helps

OneTrust helps businesses provide seamless experiences for supporting account deletion requests within apps by providing dynamic forms to streamline intake, simplifying identity verification, automatically discovering and actioning a requestor’s data within customer databases, and reporting on the volume and status of account deletion requests.
