Mobile apps are becoming increasingly popular among users. Thousands of them are downloaded every day from Google Play and the Apple App Store. However, not all apps are completely secure for their users and not all manage the personal data of their users correctly. The above-mentioned companies try to make sure that only apps which “play fair” with users get into their stores.
In order to protect the privacy of iOS app users, Apple has issued a regulationstating that: “Starting June 30, 2022, apps submitted to the App Store that support account creation must also let users initiate deletion of their account within the app.”
Originally, this guideline was supposed to apply from the end of January 2022, but the deadline was postponed by 5 months due to pressure from developers and app companies. This is due to the fact that updating apps is not always a simple procedure. Apple has clear rules for deletion of an account:
• The process of deleting the account must be clear, intuitive and transparent, easy to find in the application (e.g. a button to take you to the user profile or account management).
• We must offer complete deletion of the entire account record, including associated personal data. Merely offering to deactivate (temporarily disable) the account is not enough.
• If users have visit the website to complete deletion of their account, we should add a direct link to the page on the website where they can complete the process.
• Users must be well informed. If the deletion request is going to take longer to complete, we need to let users know.
• If the app supports in-app purchases, we need to clearly explain to people how subsequent billing and account cancellation will take place.
• All apps must include an easily accessible link to the privacy policy in the description on App Store Connect within the app.
• Last but not least, it is necessary to comply with the applicable legal requirements for the processing and storage of the client’s personal data. And also its deletion. This includes compliance with local laws - in our case, the applicable GDPR directive.
Cleverlance in its capacity as a technology company, helps its customers address these requirements. As a supplier of mobile applications, we have successfully resolved this issue, for example in the mobile application for MyŠkoda ŠKODA AUTO a.s. Exactly according to the GDPR directive, here customers can completely delete their account in their profile, including their personal data. However, they must first disconnect their cars, which they control via the app.
In banking, the situation is slightly different. Although users can delete their accounts and access to the mobile app, their products remain untouched in the bank. Just like their personal data which must remain in the systems because of the legitimate interest of processing personal data and fulfilling a legal obligation. Users can cancel their account in the app and in doing so stop using the app. But they remain full-fledged customers of the bank.
What does Google say?
And how does another giant, Google, feel about this? The rules for displaying apps in Google Play state that the app must be transparent and inform the user how it processes their personal data. They prohibit outright fraudulent or dishonest conduct. However, Google has not yet taken the step of dictating that every app, if it creates a user account, must also allow the deletion of that account.
This move by Apple will certainly improve the transparency and fairness of apps as regards their users. It is a good step in the right direction towards a more honest electronic world.
Recommendations for developers
For the implementation of the new account deletion functionality, I recommend scheduling a separate release after the specified date. This is to say that Apple is likely to be rigorously testing the functionality and this may lead to a delay in release of the new version. This could have a detrimental effect on other important new functionality of the app if released alongside this release. And users don’t like to wait.