Google recently announced that beginning next year it will require Android mobile apps to provide privacy disclosures. These disclosures will live in a new “safety section” in Google Play. The requirements include disclosing:
- What information the app collects and how information is used;
- How the app protects information and if it uses encryption;
- If information is shared and if users have a choice about sharing;
- If users can request data deletion; and
- If the disclosures made in the safety section have been verified by an independent third party.
App developers will need to confirm to Google that the disclosures are accurate. This announcement follows on the heels of Apple nutrition label requirement, which we reported on recently. Companies can start creating these disclosures at the end of this year, even though the deadline for providing these disclosures is not until mid-2022.
Putting it into Practice: To avoid UDAAP issues, care should be taken to accurately describe practices when completing the Google process. Companies will want to make sure the disclosures match what other privacy representations it makes. Those might be in privacy policies or elsewhere.