The New Google Play Data Safety Policy: A Survival Kit

Estimated Read Time: 7 Minutes

Google has just shown everyone the path to the future of hyper-personalized mobile engagement. We believe that with this new policy they have opened the door wide for Edge AI.

(We have reviewed the new Play Store policy and provided helpful hints below. For the full version, check out the Play Store Console.)

New Google Play Store Policy. Again?

It’s been 3 months since Google’s last “Policy Update To Bolster Privacy and Security” so, right on time, they just dropped a new bomb on the Android App Developer Community. Frequent, dramatic policy changes have become a habit for both Google and Apple. They reflect the two companies’ efforts to accommodate consumers’ privacy concerns and to slowly distance themselves from past practices that, at least when it comes to User Privacy and Data Safety, had been lax for a long time. We review this update below to help you understand how it will affect the submission process and what it implies for your app. You are also welcome to skip to the end for an approach that lets your app use all available data types without collecting or sharing them, so that your Data Safety disclosure can state that no data is collected or shared.

Let’s take a closer look.

Introducing the new Google Play Data Safety Policy

This new Google Play Data Safety Policy update echoes a similar move by Apple right around the iOS 14 release. The purpose is to compel app developers to be more transparent about their data practices and, perhaps more importantly, to help absolve the App Store/Play Store of responsibility in the event that apps mislead users and/or abuse their data. The disclosures you make in Google’s new Data Safety Form are paired with your Privacy Policy and are first used in the app certification process. Once approved, they appear in your app listing on the Play Store storefront and are available to all users (see the example below).

As can be expected, the Play Store does not assume responsibility for verifying the accuracy of your disclosures; you, the app developer, still bear sole responsibility for any misleading, inaccurate or ambiguous information. However, it is safe to assume that there will be a certain degree of oversight, and any meaningful contradiction between the disclosures, the Privacy Policy and the app’s actual behavior may result in Google rejecting your submission.

The new Data Safety Policy is now in effect and app developers are invited to submit their forms for review in advance, but there is still time until February 2022 before the disclosures (or lack of them) become visible to all users. To avoid rejection or other sanctions, April 2022 is the deadline for all new apps and updates to complete the Data Safety Form and Privacy Policy and to resolve any discrepancies between them.

Breaking Down the Google Play Data Safety Form requirements

The new Data Safety Form is intended for developers to declare which data types they collect and to disclose what they do with that data.

This disclosure is required for submitting the application for approval and its contents will be displayed in your Play Store listing.

Google Play Data Safety Disclosure
Example of Play Store Listing (Source: Google Play Console)

 

You will need to describe your data practices along three main axes:

Data Types and Purposes

– Which of the many available data types are you using and for what purpose?

Collection and Sharing

– How is that data used, and with whom will it be shared?

Controls and Protection

– What controls do you and your users have over the data that is collected and shared?

 

Data Types and Purposes

Through the mobile OS, apps have access to a great many types of user data. Until now, data disclosures focused only on the portion of that data considered “sensitive” or “personal” (by regulators, and therefore by the OS). Under the new Google Play Data Safety Policy, the disclosures apply to virtually all data types, including:

  • Location data
  • Personal Info
  • Financial Info
  • Health and Fitness data
  • Communications data (such as Messages)
  • Audio/Video/Data files
  • Calendar and Contacts
  • App/Web Activity
  • App Info and Device Identifiers

 

Apps are not expected to avoid accessing, collecting or sharing user data altogether. The purpose of the Data Safety form and the accompanying disclosures is simply that, in the interest of transparency, app developers explain to prospective users, in advance, what will be done with that data. The purposes fall into the following categories:

Data Safety Form: Purposes
List of purposes for Data Collection and Sharing (Source: Google Play Console)

Data Collection

As a developer, you will have to consider which of these data types are being “collected”, i.e. transmitted from your app off the user’s device. For the purposes of the disclosure, you must answer on behalf of any SDKs or 3rd party libraries in use. The disclosures also apply to any data collected through a WebView that your app has opened. Even data that is not explicitly associated with a specific user, but is linked to a unique ID so that it could reasonably be reassociated with that user (pseudonymous data), must be disclosed. Data that is processed in memory without being stored (ephemeral processing) is exempt from disclosure, provided that it is “retained for no longer than necessary to service the specific request in real-time, and not used for any other purpose”.

 

The policy guidelines do specify two scenarios in which data is accessed but not considered to be “collected”. The first is if the data is accessed and processed locally on the device, within your app. The second is if the data is encrypted end-to-end before being sent off the device, so it is unreadable by the developer or any other 3rd party or intermediary, except for the intended recipient.

 

Data Sharing

The next disclosure concerns whether and how the data is shared. The app developer and any service providers operating under the developer’s direction are considered the ‘first party’, the entity that app users are aware of. Therefore, data sent off the device to the app developer’s servers, or to those of its service providers, is not considered shared. On the other hand, sending data either off the device to 3rd party servers or on the device to a different app must be disclosed as “sharing” under the definitions of the Google Play Data Safety form.

Data is not “shared” when it is transferred for legal purposes or as a result of user-initiated actions, where the user has explicitly requested or can reasonably expect, based on consent, in-app disclosures and the app’s Privacy Policy, that that data be transferred to a 3rd party. In addition, the transfer of Anonymous Data, user data that has been fully anonymized so that it can no longer be associated with an individual user, is not considered to be “sharing data”.
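The line between the pseudonymous data that must be disclosed (previous section) and the anonymized data whose transfer does not count as sharing is easy to get wrong: replacing a device ID with a hash produces a stable token that still links every record from one device together, and whoever holds the hashing key can recompute it. The following is an added illustration written for this article, not code from Anagog or from Google; the event records, the keyed-hash secret and the minimum group size `k` are all constructed assumptions. It contrasts a pseudonymized stream with aggregated counts that carry no per-user key.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample events (made-up device IDs and values) of the kind an app
# might want to send off-device for analytics.
SAMPLE_EVENTS = [
    {"device_id": "38400000-8cf0-11bd-b23e-10b96e40000d", "city": "Tel Aviv", "screen": "checkout"},
    {"device_id": "38400000-8cf0-11bd-b23e-10b96e40000d", "city": "Tel Aviv", "screen": "home"},
    {"device_id": "6d9a7c2e-0c6b-4c3d-9a2e-2b1f0c3d4e5f", "city": "Tel Aviv", "screen": "checkout"},
    {"device_id": "a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d", "city": "Tel Aviv", "screen": "checkout"},
    {"device_id": "0f1e2d3c-4b5a-4968-8776-655443322110", "city": "Haifa", "screen": "checkout"},
]


def pseudonymize(events, secret: bytes):
    """Replace the raw device ID with a keyed hash (HMAC-SHA256).

    This is pseudonymization: the token is stable, so all records from the same
    device remain linked, and anyone holding `secret` can recompute it from a
    raw ID. Under the Data Safety definitions this is still disclosable data.
    """
    out = []
    for e in events:
        token = hmac.new(secret, e["device_id"].encode(), hashlib.sha256).hexdigest()
        out.append({"user_token": token, "city": e["city"], "screen": e["screen"]})
    return out


def linkable_groups(events, key: str = "user_token"):
    """Count records per token: any count above 1 shows cross-record linkability."""
    return Counter(e[key] for e in events)


def reassociate(pseudonymized, candidate_ids, secret: bytes):
    """Map tokens back to raw IDs given the key and a list of candidate IDs,
    showing that the token can be "reasonably reassociated" with a user."""
    table = {hmac.new(secret, i.encode(), hashlib.sha256).hexdigest(): i for i in candidate_ids}
    return {e["user_token"]: table.get(e["user_token"]) for e in pseudonymized}


def aggregate(events, k: int):
    """Reduce events to counts per (city, screen) with no per-user key at all,
    suppressing any cell contributed by fewer than k distinct devices.
    The threshold k is an assumption for this example, not a policy value.
    """
    devices_per_cell = {}
    for e in events:
        devices_per_cell.setdefault((e["city"], e["screen"]), set()).add(e["device_id"])
    return {cell: len(devs) for cell, devs in devices_per_cell.items() if len(devs) >= k}
```

Run `pseudonymize` and `linkable_groups` on the sample and the first device shows up twice under one token; `reassociate` recovers its raw ID from the token. `aggregate(SAMPLE_EVENTS, k=3)` keeps only the Tel Aviv checkout cell and drops the two single-device cells, so the output contains neither an identifier nor a group small enough to point at one person.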

 

Data Handling

Under this section, you disclose which data types are “Required” for your app’s primary functionality and which are “Optional”, meaning users can opt in to or out of their collection. You may only declare a data type “Optional” if every user has that choice. For example, a data type is “optional” when a user controls its collection and can still use the app without providing it, or when a user chooses whether to supply it manually. If your app’s primary functionality requires the data type, declare it “required.”

Filling out the Data Safety form

You can fill out the form directly in the Google Play Console:

Data Safety Form Questions
Safety Form Questions (Source: Google Play Console)

Keep in mind when responding that you must answer for the data practices of the SDKs and 3rd party libraries your app uses. For that reason, Google also provides a detailed CSV template that you can share internally and with your SDK vendors, review data type by data type against the Data Safety policy, and then simply upload as your response.

Data Safety Form CSV
Sample CSV (Source: Google Play Console)

 

Magic: Making the Data Safety Disclosures “Disappear”

A macro-analysis of the new Google Play Data Safety Policy reveals where the balance between a personalized User Experience and ethical Data Privacy practices can be found: data analysis and processing done completely on the edge device (phone). Accessing data while keeping it on the device does not constitute ‘Data Collection’. By making this exclusion, Google is acknowledging that analyzing data on the device without sending it anywhere is in the best interests of the User and is inherently private.

Furthermore, the Data Sharing disclosure excludes “Transferring user data that has been fully anonymized so that it can no longer be associated with an individual user”, so you can still study anonymized user behavior, provided it really is anonymized: data keyed to a unique identifier is pseudonymous, not anonymous, and still has to be disclosed. These crucial exemptions mean that shifting the “brains” of personalization onto the device is a “magic solution” for you to continue providing hyper-personalization to your users without running afoul of Google, Apple or the applicable regulator in your region.

App developers who want to exploit this advantage can leapfrog incremental policy changes and cut straight to the privacy endgame by implementing Edge AI in their apps. This technology shifts the Artificial Intelligence and Machine Learning required for hyper-personalization from the cloud onto the device. With this approach, the app itself is responsible for creating and updating the detailed profiles, or personas, used for precise audience segmentation and effective targeting. The data available for this hyper-personalization is the complete range of data types listed above, while the amount of data that is “collected” or “shared” is… zero. Our next post will cover the challenges and opportunities of implementing Edge AI in greater detail.

To learn more about how Anagog’s solutions can increase transparency and eliminate the need to collect private information, contact us.