Nutrition Labels, But for apps?
In December 2020, Apple announced that Apple’s App Store will now have “privacy nutrition labels” that show the details of how an app uses the data collected by them similar to how food items have a nutrition label that shows how much nutrition it contains.
While this came as a positive development in form of increased transparency through easy-to-read privacy policies, Apple was criticized for keeping the definition of privacy narrow. Further, most of these labels also had an honor label stating that “This information has not been verified by Apple.”
The Washington Post’s Geoffrey Fowler discovered that certain applications were lying about their privacy rules in their labelling, which might give users a false feeling of security. Brian X. Chen of the New York Times found the labels were instructive up to a degree. He could tell how much data an app was gathering about him from the labels, but not what that data was being used for.
On April 26th, 2022, Google followed Apple’s lead and released a version of privacy labels for its own applications, with the goal of giving Google Play enhance consumer information about the information gathered by the apps they install.
Google’s “Data safety” section, which was first revealed in May 2021, would require developers to publish details on how their apps acquire, distribute, and safeguard user data. Developers will be required to provide the following information:
- Whether the developer is gathering data and why;
- Whether or if the developer distributes data to third parties;
- The app’s security policies, such as data encryption in transit and if users may request data deletion;
- If an eligible app has agreed to adhere to Google Play’s Families Policy in order to safeguard children from inappropriate content;
- Whether the developer’s security methods have been evaluated against a worldwide security standard.
While both sets of labeling aim to educate users on how apps gather and manage data and protect their privacy, there are some crucial distinctions. Apple’s labels primarily focus on what data is gathered, including data used for monitoring, and on notifying users about what data is associated with them. Meanwhile, Google’s labels place a greater emphasis on whether you can trust the data that’s gathered is being managed properly by allowing developers to indicate whether they adhere to data security best practices.
Google has given developers until July 20 this year to complete the Data Safety section, although the feature is now available to consumers on the Google Play store. As a result, many consumers may encounter apps with no labels even before the product is released. That staggered delivery might also be on purpose since it discourages users from checking their favorite applications’ privacy and security standards right away, and by the time those labels appear, users may have forgotten they wanted to do so.
The program is part of Google’s continuous efforts to guarantee that Play Store apps protect users’ personal information. It announced intentions earlier this month to limit the availability of obsolete applications on the Play Store in order to ensure that those accessible for download are employing Android’s most recent privacy and security features. On this front, Google says it will add new elements that detail whether the app uses security practices such as data encryption; if the app follows Google’s Families policy, which is concerned with child safety; if the app’s safety section has been independently verified; if the app requires data to function or gives users the option of not sharing data; and whether the developer promises to remove user data when the app is uninstalled. Apps will be obligated to provide their privacy policies as well.
Another intriguing feature is that Google will allow independent verification of app data labelling. Assuming that these verifications are done by reputable entities, they may aid in convincing consumers that the disclosures are truthful. One of the first criticisms of Apple’s privacy labels was that many of them provided false information – and got away with it.
However, such an announcement by Google is ironic in nature considering how it was one of the most adamant about not releasing privacy labels for its own iOS apps, scrambling to evaluate (and re-review, we understand) the labels’ content and disclosures. After boasting that its labels would be available “soon,” many of Google’s best applications received no upgrades for a long time because they were no longer compatible with App Store standards.
After the deadline had gone, Google waited months to supply labels for its most popular apps. When it finally did, critics lambasted it for how much data Chrome and the Google app collect.
However, this could help shift the narrative in Google’s side considering that they have obligated these labels on their own apps as well.
Google says the new features will not roll out until Q2 2022, but it wanted to announce it now in order to give developers plenty of time to prepare.