Privacy in Mobile Apps: Provide Choice, Build Trust
You have a cookie banner for your website, but what about for your mobile application? Mobile remains a fundamental part of how consumers research, interact with and buy from brands. Mobile devices carry almost every aspect of their users’ lives, and app downloads are on the rise. According to new data from app store intelligence firm App Annie, mobile app usage grew 40% year-over-year in the second quarter of 2020, even hitting an all-time high of over 200 billion hours during April. Mobile is the future of digital, and in-app privacy and transparency lie in the hands of developers, advertisers and publishers.
How do you address compliance requirements and technology updates, all while delivering trust and a seamless user experience in a mobile application? Developers should build privacy into their mobile apps from the start to foster trust and confidence in the mobile app ecosystem.
Regulatory Requirements for Mobile Applications
Regulators at the state, national and international level actively encourage (and enforce) consumer privacy rights against app developers that misuse or surreptitiously access user data. From a privacy perspective, regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) have put a brighter spotlight on mobile app technologies and how apps collect data and share it with third parties.
Companies developing mobile solutions and delivering on mobile-first strategies are seeking ways to build intelligent, data-driven applications that respect users’ privacy, build trust and fuel brand loyalty.
Steps to Capturing Consent in Mobile Apps
Understand the Health of Your App
Chances are you did not code your mobile app yourself, so it’s important to understand what the technology is doing with regard to sharing information with third parties. The best way to do this is to scan your application to identify the software development kits (SDKs), tracking technologies, and third parties collecting data from your application. From a vendor perspective, determine which SDKs are provided by third parties and cross-reference them against your vendor inventory.
Additionally, categorize SDKs based on data processing (strictly necessary, performance, advertising, etc.). Lastly, as part of the auditing process, understand what data you are collecting, such as location or photos, and determine the identifier for advertisers (IDFA) used for iOS devices. A combination of these considerations will give a clear picture of your app privacy health.
With the release of iOS 14, developers will be required to disclose all the information they and their third-party partners collect and keep their iOS 14 “labels” up to date. After scanning your application, you’ll have a better understanding of the SDKs in your mobile app. Be sure to reference the scanning results and list out the information that is being collected from your business and third parties.
Create User-Friendly UX for a CMP
Build pop-up disclosures and preference centers based on relevant jurisdictions. There are three main considerations for the UX of your consent management platform (CMP). First, tailor your consent banner to match your company’s brand, including display, color, content, and language.
Next, ensure that you are effectively explaining how the app processes data. Also, make sure you’re meeting disclosure obligations by triggering your consent mechanism at or before the time of data collection.
Allow the user to opt in to processing or update their preferences, and honor the user’s choice via consent signals to the appropriate SDKs. The overall experience should be based on geolocation to meet jurisdictional requirements.
Authenticate Users Across Devices
A mobile application might be just one of the digital properties that you own. What about a CMP for web or an over-the-top (OTT) application on a connected TV (CTV)? To streamline the user experience, be sure to implement a solution that can sync consent and preferences across devices.
As we continue to navigate the ever-changing ad tech landscape, three components should likely continue to be at the forefront of every company’s digital strategy: privacy, control and trust.
Watch the webinar: iOS 14 IDFA Changes: How to Maximize Opt-Ins
Further Mobile App Compliance reading:
- DataGuidance News: USA: NIST releases first revision of SP 800-163 on mobile apps security vetting
- Cookiepro Blog: How to Capture Consent in Mobile Applications
- Regulatory body guidance: Privacy and data protection in mobile applications