Google's Prominent Disclosure Requirement

Google's Prominent Disclosure Requirement became effective as of March 15, 2017. If you do not comply with this requirement, Google may remove your app from the Google Play store.

The Prominent Disclosure Requirement requires that users be informed of any data collected by your app that is not essential to the basic functions of your app. You must also give users the opportunity to refuse that collection.

Here's what you need to know about the Prominent Disclosure Requirement and how to comply with it.

What is Google's Prominent Disclosure Requirement?

Google's Prominent Disclosure Requirement is located in the Google Play Policy Center. It applies to any app that collects and transmits sensitive user data for tracking or research purposes rather than app functions.

Here's its actual text, from Google:

Personal and Sensitive User Data

Personal and sensitive user data includes, but isn't limited to, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call related data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data. If your app handles personal and sensitive user data, then you must:

• Limit your access, collection, use, and sharing of personal and sensitive user data acquired through the app to purposes directly related to providing and improving the features of the app (e.g., user anticipated functionality that is documented and promoted in the app's description on Google Play). Sharing personal and sensitive user data includes using SDKs or other third party services that cause data to be transferred to a third party. Apps that extend usage of personal and sensitive user data for serving advertising must be in compliance with our Ads Policy.
• Handle all personal and sensitive user data securely, including transmitting it using modern cryptography (for example, over HTTPS).
• Use a runtime permissions request whenever available, prior to accessing data gated by Android permissions.
• Not sell personal and sensitive user data.

Prominent Disclosure & Consent Requirement

In cases where users may not reasonably expect that their personal and sensitive user data will be required to provide or improve the policy compliant features or functionality within your app (e.g., data collection occurs in the background of your app), you must meet the following requirements:

You must provide an in-app disclosure of your data access, collection, use, and sharing. The in-app disclosure:

• Must be within the app itself, not only in the app description or on a website;
• Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
• Must describe the data being accessed or collected;
• Must explain how the data will be used and/or shared;
• Cannot only be placed in a privacy policy or terms of service; and
• Cannot be included with other disclosures unrelated to personal and sensitive user data collection.

Your in-app disclosure must accompany and immediately precede a request for user consent and, where available, an associated runtime permission. You may not access or collect any personal and sensitive data until the user consents. The app's request for consent:

• Must present the consent dialog clearly and unambiguously;
• Must require affirmative user action (e.g., tap to accept, tick a check-box);
• Must not interpret navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
• Must not use auto-dismissing or expiring messages as a means of obtaining user consent.

To meet policy requirements, it’s recommended that you reference the following example format for Prominent Disclosure when it’s required:

• "[This app] collects/transmits/syncs/stores [type of data] to enable ["feature"], [in what scenario].
• Example: "Fitness Funds collects location data to enable fitness tracking even when the app is closed or not in use and is also used to support advertising."
• Example: "Call buddy collects read and write call log data to enable contact organization even when the app is not in use."

Requirements of Google's Prominent Disclosure Obligation

If you're required to comply with this, you will need to have an in-app disclosure that does the following:

• Is displayed during the normal usage of the app, and doesn't require a user to navigate to a separate menu or settings section
• Describes the type of data being collected and how the data is used
• Cannot only be placed within a Privacy Policy or Terms of Service
• Cannot be combined with other disclosures unrelated to user data collection

Additionally, the disclosure must:

• Be clear and unambiguous
• Require affirmative consent, meaning an "I Agree" button or checkbox rather than passive acceptance through use alone
• Be presented and have consent secured before data is collected
• Not consider navigating away from the disclosure as consent
• Not use auto-dismiss or expiring messages

Common Violations of Google's Prominent Disclosure Requirement

Google offers two examples of common violations of this requirement.

First, apps that don't treat the user's personal inventory of installed apps as personal user data and don't comply with the Privacy Policy, Secure Transmission and Prominent Disclosure requirements will be in violation.

Secondly, apps that don't treat a user's phonebook or contact book data as personal user data and don't comply with the Privacy Policy, Secure Transmission and Prominent Disclosure requirements will also be in violation.

How to Comply with Google's Prominent Disclosure Requirement

There are two main elements you'll need to be in compliance with this policy: An in-app disclosure, and affirmative consent.

Let's take a look at each one in further detail.

Have an In-App Disclosure

Snapchat requests a large amount of personal data from users in order to function. When users download this app from Google Play, they are notified that the app will ask for permissions:

As you get further into the app and start to use different features, you will receive notice screens that request permission for access to specific personal data points. Here's how Snapchat asks for permission to make and manage phone calls:

And as part of this, it also asks for permission to access a user's contact list:

If users want to see what permissions will be requested before downloading the app, they can go to Snapchat's Google Play Store listing and click on View Details under the Permissions section of the ad listing:

When you click on View Details, a screen will pop up that shows what permissions the app will request access to:

As an app is used, it may request additional permissions for more access to different information. For example, Pro Power Clean notifies users that accessing the "Trash Cleaner" feature requires access to personal data in the form of photos, media and files:

If you try to use a feature that requires permissions, Pro Power Clean will inform you of this via a pop-up notice like this one:

This is different from the old way of asking permissions, which used more of a list format to request access to all permissions possibly needed at one time, in one screen:

There are other examples when data collection is more evasive. Pollfish does not produce a specific app but it compiles surveys that may be presented through third party apps. These surveys may offer rewards to users who wish to share their opinions.

In this blog example, Pollfish shows how it complies with the Prominent Disclosure requirement. It places the disclosure right within the third party app so users can see it before they agree to take the survey:

The disclosure is difficult to read but it states as follows:

"By accepting to take this survey a specific set of user's device data, including information about the apps the user has installed, is automatically sent to Pollfish servers and associated with answers to the questionnaires, in order for Pollfish to discern whether the user is eligible for a survey and improve targeting of future surveys."

Pollfish makes it clear that users have two options: They can take the survey after reading the prominent disclosure, or click "No Thanks" and avoid data collection.

Obtain Affirmative Consent

Always obtain affirmative consent. Passive acceptance through merely using an app will not work with these requirements. A user has to read the notice and actively click "Accept" or "OK."

Consider the Snapchat examples that require a user to click "Allow" to actually allow permission. This would be a way to obtain clear, affirmative consent.

The other option is to deny the permission, which helps show users that they have a choice, and by making one, they are either giving permission or refusing to give it.

The takeaway here is that you should give users the active option to consent to or decline your data collection.

Place two separate buttons for each function as you request permission to collect data. This makes it clear whether a user accepts the risks of your data collection.

Best Practices for Complying With Google's Prominent Disclosure Requirement

When the policy regarding prominent disclosure was first implemented, Google sent out emails to developers whose apps likely violated the policy.

Now, Google will most likely just pull your app until you fix the violations.

Sometimes fixing a violation will involve adding code so the correct disclosures alert users.

Most times, it is a matter of adding text at the beginning, such as with Pollfish. If you receive a notice, it will indicate where you violated the policy so you can fix the errors.

If you're in violation of Google's Prominent Disclosure requirement, take the following steps:

• Check your Privacy Policy - Your Privacy Policy should contain provisions regarding the data you collect, how you collect it, why you do so, various uses for it, and any third parties who receive it. This includes information about cookies and other tracking software that analyzes users' habits and patterns.
• Determine whether your data collection is necessary - Sometimes the easiest way to address these issues is to remove the problematic data collection processes if they're not necessary. If you do not need to track the data for either functional or research purposes, stop doing it.
• Present installation dialogue box - If you need to collect this data, see what happens when you decide to install your own app. You may have skipped essential steps when loading your app to the store that prevented the initial notices from engaging. Double-check your app so that users know what data you collect before they install your app.
• Post disclosures - Design a disclosure similar to the examples above and post it in the most obvious places. Have it pop up as the user opens your app and produce dialogues that engage when the user activates functions of your app that collect additional data. If you inform users at every step, Google is less likely to have an issue with your app.

Following the Prominent Disclosure Requirement will keep your app available on Google Play and help you comply better with your own Privacy Policy and any laws affecting it. Since consumers are more savvy about privacy and the use of their personal data, it is likely these types of policies will increase.

Stay informed when Google Play sends you policy updates so you can remain on its platform.