Updates to Apple’s App Store Guidelines now dictate that apps must offer users an opportunity to initiate the deletion of their account, and failure to do so will result in submissions being rejected. But what exactly does this mean?
This change may be frustrating for some app owners, but it should be generally welcomed, as it means Apple is helping to enforce the GDPR guidelines for “Right to Erasure” (also known as “right to be forgotten”), which is designed to allow users full control of their personal data.
You could be forgiven for thinking that this means all apps must now contain a big red button emblazoned with ‘delete’ in capital letters, but that is not quite the case. Before we dive into why, let’s take a look at the official announcement from Apple:
The updates to App Store Review Guideline 5.1.1 last June provided users with greater control over their personal data, stating that all apps that allow for account creation must also allow users to initiate deletion of their account from within the app. This requirement applies to all app submissions starting January 31, 2022. We encourage you to review any laws that may require you to maintain certain types of data, and to make sure your app clearly explains what data your app collects, how it collects that data, all uses of that data, your data retention/deletion policies, and more as described in the guideline. Examples of this type of data include electronic health records, and sales and warranty records. Please also confirm that the app privacy information on your product page is accurate.
The key line to note is ‘all apps that allow for account creation must also allow users to initiate deletion of their account from within the app’. Now, the wording there is very important – you must allow users to initiate deletion. How they initiate it is up to you, however. You don’t need a delete button, per se. What is needed is a way to start the deletion ball rolling.
For some applications, a simple delete button could and should be enough. Selecting the button should trigger the deletion of all personal data (but anything that is not personally identifiable may be retained). For more complex systems, however, an instantaneous deletion may not be desirable. In this case, you need a way to trigger the deletion process.
To trigger deletion, you may want to use a deletion request form. A user could simply submit this request to an administrative team, and the administrators themselves would then manage the deletion within a content or user management system. Alternatively, if you have a chat system enabled, you may want to trigger the opening of a chatroom and allow your support agents to handle the request.
Remember that one of the main reasons for rolling out this requirement is to make it easier for users to delete their accounts. Currently, users have to jump through a lot of hoops to delete their account on certain apps, with developers making it a requirement that you redirect to a website. From the 31st January, that will be a thing of the past.
Such a process then invokes a (recommended) 1-month window in which you should comply (if you follow GDPR guidelines), unless you make a claim for a justified 2-month extension. During this time you will need to have performed the necessary cleansing of your data to remove any personal information from your system. You don’t need to delete all transactional or app-related information, as that may be an important part of your history, but any personal information will need to have been anonymised.
So, while it may be a simple request, it has wide-reaching implications for apps across the App Store. If you are letting users create an account, you must also allow them to delete it.