Legal and data protection research writer at TermsFeed.
On this page
- 1. Overview of What Apple Requires
- 2. Scope of Apple's Account Deletion Requirement
- 2.1. Requirement is Only for Apps that Allow Account Creation
- 3. Examples of Apps that Allow Account Creation
- 3.1. CoinZoom
- 3.2. Flipkart
- 3.3. QwickPAY
- 4. Apple's Continuing Privacy Crusade
- 5. What Should App Developers Do?
- 6. Summary
Since January 31st, 2022, all apps on Apple's App Store that allow users to create accounts need to have a mechanism in place to allow users to delete those accounts from within the apps themselves.
In this article, we'll go over Apple's deletion requirements, what developers must do to comply, what consequences companies can face if they don't comply, and how to make things easier if flooded with requests for data and account deletion.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
Overview of What Apple Requires
Apple announced this requirement at its 2021 Worldwide Developers Conference. Apple's demands on app developers were more extensive than what was required by strict privacy laws like the California Consumer Privacy Act (CCPA/CPRA) or the EU's General Data Protection Regulation (GDPR).
Those watching the global push for comprehensive privacy legislation know that Apple's moves were apparently designed to forestall any criticism of its privacy practices as lawmakers increasingly put tech companies under the magnifying glass.
Most privacy laws in America stipulate that individuals can delete any personal data which a given company has acquired. Apple's decision is likely to be one that other tech companies such as Microsoft and Google will emulate.
Some also see Apple's actions as an attempt to sidestep legislation by the federal government intended to regulate Big Tech by notifying the public that the company is quite able to regulate itself without outside intervention.
In other words, it was a marketing move by Apple designed to position the brand as more trustworthy than its competitors since it is voluntarily imposing even stricter privacy rules on the apps it allows in its stores than privacy laws demand. In practice, this could give Apple an edge over its competition. That is, at least until all competitors make copycat moves.
Scope of Apple's Account Deletion Requirement
In June 2021, an update to Section 5.1.1 was made to the App Store Review guidelines. The new guidance notes that Apple will enforce the account deletion requirement on all applications submitted (either as an update or as a new app) to any Apple platform (iOS, MacOS and iPadOS) beginning January 31st, 2022.
This requirement does not apply to applications that were available in the Apple App Store before this date.
Developers of applications should plan to provide the account deletion functionality in the apps and their servers before updating existing applications with additional functionality or bug fixes.
The full text of Apple's announcement can be seen below:
Requirement is Only for Apps that Allow Account Creation
Apple's requirement is only applicable to apps that support account creation. That's good news for those worried that the provision could extend to applications that involve accounts created in other ways and different contexts.
For example, an application that provides an interface for traditional "brick and mortar" companies, such as a banking app, will most likely be free of Apple's new demand provided users create their accounts through a paper application or company website.
Examples of Apps that Allow Account Creation
Many apps require users to create accounts. These can include social media apps as well as instant payment, ecommerce, cryptocurrency apps, and more. Below are a few that can currently be found in the Apple App Store.
CoinZoom makes it easy to buy, sell, or spend cryptocurrencies such as Bitcoin Cash, Litecoin and Ethereum. Beginners in the world of crypto will find the app easy to use, but it's also powerful enough to provide advanced tools for those who are more experienced.
Here's the app's account creation screen:
It is simple to use the Flipkart ecommerce app. Once downloaded, it allows users to shop anywhere and any time they like. Unlike CoinZoom, Flipkart automatically creates a user account once the app is installed and the user provides the company with their phone number as seen below:
QwickPAY is a complete POS solution for payment systems. It allows your iOS device (iPhone/iPad) to transform into a secure POS system that accepts magnetic stripe, EMV contact and contactless payments cards. The app has an account creation setup much like that of CoinZoom:
As you can see, it's pretty transparent which apps allow (or require) account creation in order to use them. This new requirement will apply to such apps.
Apple's Continuing Privacy Crusade
As previously suggested, Apple's in-app account deletion requirement is clearly part of its push to position itself as the privacy champion within the tech world.
Clear examples of this effort are demands Apple began making in the past. Just some of these include requirements wherein app developers had to provide Apple with information on how they collect and use data, the publication of privacy nutrition labels for apps, and Apple requiring that all app Privacy Policies be subject to review.
Of course, Apple's requirements up until now have all been within the framework of international privacy laws. In fact, the company's announcement concerning the in-app account deletion requirement also points out that app developers have a responsibility to bring themselves into compliance with those privacy laws and to follow Apple's own best privacy practices. (The company posts these in the form of industry and regulatory guidance.)
What Should App Developers Do?
Essentially, you shouldn't be concerned if your app doesn't require account creation. In this case, Apple's in-app deletion requirement doesn't apply to you. However, if your app requires account creation, the first step is to ensure users have a straightforward way to request account deletion, and that must be found within your app.
Here's an example of an in-app account deletion function:
And one more example, here:
Your clause can be structured differently, as long as the required information is set out. Here's another example:
Remember that it should go without saying that you should get legal counsel before deciding upon an account deletion process. After all, it is entirely reasonable to assume that Apple will need more than just a deep link buried somewhere in your app that allows users to open an email and request deletion.
With that said, you should take the following steps:
- Review the account creation capabilities of any applications posted to the Apple App Store to determine whether the application permits the consumer to create an account, or account creation is all performed offline or through other interfaces (including web interfaces)
- Regularly review and update Privacy Policies and privacy practices (especially any statements and practices that apply to the collection and use of personal data from applications) with qualified legal counsel and make sure such practices comply with Apple's requirements as well as any applicable laws
- Update data retention and deletion policies to comply with Apple's new account deletion requirements and updates to the App Store Review Guidelines
- Begin development of any application and service technological improvements (such as automating the account or data deletion process) necessary to comply with the condition that users be offered the deletion of their account in the application when the user was able to create the account through the application
Apps that fail to provide a means for users to delete their accounts will likely be kept from placing their apps in Apple's App Store until the in-app deletion requirement is met.
As noted previously, this would not apply to apps that were already in the store before January 31st, 2022.
Apple has long been a pioneer in digital technology and one of the world's top providers of consumer-facing products. In recent years, as more regulations have come into effect to protect consumer privacy, the tech giant has worked hard to position itself as a company that respects and protects its users' rights.
The company's latest policy changes may be an attempt to show state and federal legislators that it can satisfactorily protect the personal data of U.S. consumers without additional regulations.
As such, application developers that require users to create accounts must now include a way to delete those same accounts from within the app. The deadline for these updates is January 31st, 2022.
Additionally, developers should expect additional changes and be ready to adjust their ongoing compliance efforts accordingly.