Google announced something new with a significant effect on app owners. Around February 1st (2018), Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent.

That means that soon Google will warn about any app that doesn’t have a privacy policy and doesn’t ask for consent where necessary. It doesn’t require a lot of fantasy to see how this can significantly affect any app providers. Let’s see how Google frames it and how you can make sure that this doesn’t happen to you – and if you’ve come here because it’s happened to you, how to fix it.

The Google Online Security Blog’s announcement outlines:

“In our efforts to protect users and serve developers, the Google Safe Browsing team has expanded enforcement of Google’s Unwanted Software Policy to further tamp down on unwanted and harmful mobile behaviors on Android. As part of this expanded enforcement, Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent.

Apps handling personal user data (such as user phone number or email), or device data will be required to prompt users and to provide their own privacy policy in the app. Additionally, if an app collects and transmits personal data unrelated to the functionality of the app then, prior to collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.”

and

“These requirements apply to apps in Google Play and non-Play app markets. The Google Play team has also published guidelines for how Play apps should handle user data and provide disclosure.“

This can be quite a significant development as Google plans not only to display warnings for apps on its very own Google Play Store, but also on others such as the big App Store for iOS devices.

How to make sure Safe Browsing penalties don’t happen to you

It’s fairly simple and it’s what you’re supposed to do under privacy regulations anyway: provide a privacy policy and where necessary get explicit/affirmative consent for user data.

Handling personal user data – provide a privacy policy

In order to process personal data of users, you must disclose that data processing in a privacy policy and then prominently display that privacy policy for your users to see: within the app, on the app stores and on marketing pages. The process isn’t that complicated and iubenda helps you massively to achieve that, so you can concentrate building your app.

If you rather read a quick guide about how to provide your privacy policy, you can do that here:

• Privacy policy for Android apps
• Privacy policy for iOS apps

If you want to skip all that and get right to generating your privacy policy with iubenda, then you can just use our generator for mobile app privacy policies.

Handling personal user data unrelated to the app functionality – seek affirmative consent

Google has another policy in place that require any apps that process user data unrelated to the functionality of the app to prominently highlight how the user data will be used and have the user provide affirmative consent for such use, all prior to collection and transmission.

These prominent disclosure requirements basically involve shutting down/pausing the app’s functionality before collecting that consent. You can read more about this here:

Google Play’s Prominent Disclosure Requirements

How to fix Google Safe Browsing Warning regarding your app

If you’ve already been penalized for your processing behavior (and non-disclosures), then you must fix the issues first as reported above: 1) add a privacy policy in the required places 2) require affirmative consent from users where necessary.

Affirmative consent is closely related to Google’s EU user consent policy. It will be interesting to see if Google starts to enforcing this in this way as well. 

(Update: Google has recently introduced some significant changes in relation to the EU’s General Data Protection Regulation (GDPR). You can read all about the changes and how they will affect you here.)

When the above is done, then do the following as per Google’s guidelines:

• Webmasters whose sites show warnings due to distribution of these apps should refer to the Search Console for guidance on remediation and resolution of the warnings.
• Developers whose apps show warnings should refer to guidance in the Unwanted Software Help Center. Developers can also request an app review using this article on App verification and appeals, which contains guidance applicable to apps in both Google Play and non-Play app stores.

Privacy policy generator for mobile apps

The post Google introduces Safe Browsing warning when user data is collected without consent appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

This post may also be read in German “Googles “Erfordernis der deutlichen Offenlegung” für den Play Store“.

More specifically, you would’ve been told, “We’re contacting you because the apps listed at the end of this email handle or request personal or sensitive user data. Apps like this must comply with the Prominent Disclosure requirements of our User Data policy“.

Google goes on to tell you what needs to be done, “Action required: Make sure your apps fulfill the Prominent Disclosure requirements of our User Data policy. If these requirements are not fulfilled within 30 days, your app may be removed from Google Play. Alternatively, you can remove any requests for sensitive permissions or user data within your app. You can also choose to unpublish your app.“

The good news up front: you’ve come to the right place. iubenda helps app and website owners with creating beautiful and professional privacy policies. These policies work even more beautifully for apps like built in the Android ecosystem.

This email seems to target slightly different issues than the one we looked at before about a missing privacy policy.

Let’s look at what else is inside the email and how you ultimately fix your problem.

Try the mobile privacy policy generator now

What are the steps to take?

The warning is being sent to you because may have a privacy policy in place, but it isn’t good enough. Here are some steps to take:

The most important step to understand is the requirements under the Prominent Disclosure requirements in the User Data policy. 

Prominent Disclosure requirements in the User Data policy

In Google’s User Data policy you can find the requirements set out for special disclosures:

If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.

Your in-app disclosure:

• Must be within the app itself, not only in the Play listing or a website;
• Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
• Must describe the type of data being collected;
• Must explain how the data will be used;
• Cannot only be placed in a privacy policy or terms of service; and
• Cannot be included with other disclosures unrelated to personal or sensitive data collection.

Your app’s request for consent:

• Must present the consent dialog in a clear and unambiguous way;
• Must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept;
• Must not begin personal or sensitive data collection prior to obtaining affirmative consent;
• Must not consider navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
• Must not utilize auto-dismissing or expiring messages.

The point to understand is the following: Google apparently considers the collection of data that isn’t clear from your app page or from within your interface to be covered by this prominent disclosure policy.

This is a notice for your user in addition to your privacy policy and should ultimately link there for an explanation of the data processed. The data should not be processed until you have affirmative consent by your user. This is what you need to fix. 

You have two options: 

1. remove the offending data collection
2. properly inform via in-app disclosures and consent collection and link it to a proper privacy policy

By the way, adding Android permissions to a privacy policy is super easy with iubenda:

Generate a privacy policy for your Android app

P.s. if you’re interested you may read our more general post about privacy policy for Android apps. It contains additional information about how to structure and write a privacy policy from scratch.

The post Google Play’s Prominent Disclosure Requirements appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

In our tests, this version has been up to 40% faster than the current version, particularly when reactivating all priorly blocked scripts. **This release – called Safemode – is not yet the default**, but you can activate it right now by making a small change to your embedding code.

What the changes mean in short:
Safemode is the new version of the iubenda cookie solution that will gradually replace the one in use currently. Safemode introduces drastic performance improvements for the iubenda cookie solution:

• Up to 40% Faster – Reduces time to banner appearance and scripts reactivation
• Inline activator – With the inline activator – or the part of code that deals with activation of the script – a script can also be activated in the event that the main resource iubenda_cs.js is found to be generally unavailable or resulting in error
• No more compatibility issues – Safemode doesn’t depend on external libraries (jQuery and Zepto) with the result that we’ve eliminated compatibility issues with particular version of these libraries

Check our guide to learn all about the Safemode and how to activate it →

We now have 4 different release CHANNELS

In order to streamline the release process and adapt to your needs, we decided to introduce the following new release channels:

• CURRENT is the default channel for everyone, the one that all sites are using right now
• BETA will receive the latest updates, before they’re properly tested on a large scale
• STABLE is the opposite of beta and will only receive updates 2 weeks after the update has been announced in a specific newsletter (which you can find here)
• SAFEMODE is a release channel created for allowing you to test our new cookie solution release

All our release channels have a full changelog.

For example, you may want to checkout our latest additions to the beta channel, including an improved timing of our consent by scroll feature.

Read our guide on how to switch to a new release channel →

Reminder: what can the iubenda cookie solution do for you?

• Generate a cookie policy autonomously in a few seconds
• Display a customizable cookie banner on your website, as required for example by Google’s EU user consent policy in order to alert your users about the cookies you’re using (e.g. the Google AdSense cookies)
• Block your the scripts that create cookies before collecting your users’ consent, in case that prior consent applies
• Detect and store your users’ consent, even with a simple scroll action
• Reactivate these scripts, even at scroll, asynchronously and without page refresh

Read about the cookie solution

The post Releasing a big cookie solution update: Safemode appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

Today we’ve added a host of services again and – as is our custom – we are publicizing each one of those additions here on the blog. Let’s start with comScore Analytics.

We’ve now added comScore to the list of our service integrations. If you are not familiar with comScore, they are an Internet analytics company, with a broad spectrum of services:

(…) measures what people do as they navigate the digital world – and turns that information into insights and actions for our clients to maximize the value of their digital investments.

What is a service integration (= comScore privacy policy clause)?

A service integration means that you can add comScore as a service to your iubenda dashboard, which will in turn be automatically transformed into a clause for your privacy policy. You can therefore now use iubenda to generate a privacy policy for you with an comScore clause.

If you are going to use comScore Analytics for your projects, make sure to comply with laws regarding privacy regulations and let us help you to craft a beautiful and compliant privacy policy.

Generate a Privacy Policy for comScore Analytics

The post Privacy Policy for comScore Analytics: Service Added appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

Product Launches & Additions

1) Big update now being pushed out to all:

We’ve had a big update to our policy texts in July which we chose only to apply to new sign ups. All of these updates are now being pushed out to everyone which means YOU have a shiny new privacy policy.

There have been more changes under the hood and we’ve added new third party services very diligently recently:

+ Adcash, + AdEspresso, + Adform, + Adobe Analytics, + AdWords Conversion Tracking, + Alexa Metrics, + Apsalar, + AskingPoint, + AudienceRate, + Balanced, + comScore Analytics, + Customer.io, + Facebook Ads conversion tracking, + Google Wallet, + Grapeshot, + Heap, + IDGTechNetwork, + Improvely, + LiveIntent, + Pingdom, + Polldaddy Widget, + Powerlinks, + StatCounter, + Trak.io, + Wirecard, + Youtube video and Google maps embedding.

2) We have updated our pricing options.

Now there is a new option to switch to a monthly subscription that will add more licenses to your account starting at 5 licenses for 9$ per month. Therefore the pricing possibilities look like this now:

• Free basic policy with some restrictions
• Paid policy that unlocks all of the otherwise restricted options for 27$/year
• Monthly subscription that starts at 5 licenses with 9$/month

Find the pricing page here.

3) New pages:

• We have added a “showcase” section to the site, that links to some of the most interesting iubenda users out there.
• We have added a “guides & documentation” page that helps our users getting started or learning a bit about the whole privacy set up

Legal Changes

• We’ve added clauses to help ensure COPPA (children’s online privacy regulation in California) compliance with a clause called “The service is directed to children under the age of 13”.
• We’ve added a “Do Not Track” clause, reacting to a law change in California’s Section 22575 of their Business and Professions Code.
• We have made some changes that will help German Google Analytics users in particular, but should be taken into account by other European users at some point as well. These changes can be found here: Google Analytics in Germany or right here in German “Aufsetzen der Datenschutzerklärung bei Nutzung von Google Analytics“.

Sites of the Quarter

Since we have added a “showcase for great iubenda use cases” it’s now easier than ever to explore and see how other people are using the product.

One of my personal favorites is Slush, the Northern European startup event taking place in Helsinki. Another super lovely product playing with our policies is Exposure, an app to create online photo narratives.

Plans for the Future

There are still many things we want to build for you besides making all of our tools better every single day. To give you an idea of what to expect next:

• We are going to test a terms of service tool very soon (some of you may already be seeing a feedback form)
• We plan to release more languages (Portuguese is in the pole position right now)

Popular Articles on the Blog

Our most popular articles on the blog within the last 3 months:

• Privacy Policy for iOS Apps
• Privacy Policy for Google Analytics
• Privacy Policy for Android Apps
• A Guide to COPPA and Mobile Apps
• Do Not Track in Privacy Policies
• The Need for Privacy Policies in Mobile Apps: an Overview

Many of the blog posts have become either “guides” to a specific third party or an overview of a specific situation for example in Canada. These articles can be also found on the “guides & documentation” page added to the main site.

Privacy Policy Customizations

We have been doing more and more customizations for companies and apps that need a more thorough legal coverage (and that in various countries). With our resources we are able and happy to take customization requests if your company needs help going further than what our generator helps you to do. Currently we are offering this service for privacy policies and terms of service, which is our strongest suit. If you have questions or suggestions regarding this service, we are happy to take them at info@iubenda.com anytime.

The post iubenda: Quarterly – October to December appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

It’s the first of August and I think it’s a great time to share and recap some of the highlights for iubenda during the last 3 months.

Product Launches

1) The addition of new languages to our privacy policy generator.

• On the 25th of June we’ve added our support for German Datenschutzerklärungen
• On the 9th of we’ve added our support for the Spanish políticas de privacidad
• On the 23rd of July we’ve added our support for French politiques de confidentialité

2) Our opening up to more regions, we’ve added a specific generator for privacy policies for mobile applications, which has quickly become an often used service by mobile developers.

3) We have been maintaining our privacy policy texts:

• One of the reasons you are a subscriber to our service: we have improved large portions of our wording
• We have added countless clauses coming across new services and for our new mobile ecosystem (making it over 130 pre-written clauses)

Site of the Quarter

The choice wasn’t easy and not fair at all since there were a lot of very interesting Facebook apps, mobile apps and websites subscribing to iubenda within the last three months. Since I want to highlight just one, here’s my winner: Tile – also featured on the iubenda Tumblr.

Plans for the Future

We have a lot of plans for the future for you. Some of what we may share with you right now:

We will add support for even more languages and some rumors about us releasing a terms and conditions generator in the near future may not be entirely wrong…

Popular Articles on the Blog

Our most popular articles on the blog within the last 3 months:

• Privacy Policy for Android Apps
• German Privacy Policy: Datenschutzerklärung
• Spanish Privacy Policy: Política de Privacidad
• User Story Mapping
• The Need for Privacy Policies in Mobile Apps: an Overview

Getting Featured

To finish this up. We’d love to feature your apps on our Tumblr blog (and Twitter account), so if you have one active on an App Store (Android, Apple or Windows Phone) include as in a tweet to let us know.

The post iubenda Quarterly appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

Our solution for mobile apps has been a long time coming. The need for privacy policies for mobile applications has been ever growing since we launched over a year ago in March 2012. You may have heard about the quite devastating mobile privacy issues experienced by startups like Path, but also about the lawsuit that Delta Airlines found themselves in.

The fact is: privacy policies need to be built into mobile apps if you collect very basic personal information. The change was brought about by California Attorney General, Kamala Harris, who started to apply the California Online Privacy Protection Act to the mobile ecosystem. In the wake of their crackdown on mobile apps, the office of the Attorney General also released a helpful guide on the handling of mobile privacy called Privacy on the Go: Recommendations for the Mobile Ecosystem.

All of that can be had much easier and more convenient:

Our Privacy Policy Helper for Mobile Apps

Basically, we are giving you the same quality and design you’ve come to expect from us, but now iubenda is mobile ready. Here are some of the highlights for our mobile version:

• Truly plug-and-play. No need to adjust to screen sizes, no need to adjust to other OSes. Generate, embed, done
• Our privacy policies help you become compliant across app stores in no time
• Flexible embedding options for your apps
• Hosted in the cloud. Change it remotely anytime

Keeping this service ever up to date means that we’ve arrived at over 120+ ready made clauses, now with many mobile specific ones.

Try the mobile generator here now with a 10% LIFETIME discount for the next 48 hours!

Next: support for more languages

We have a few things in the immediate pipeline, that a lot of users have been waiting for: we are starting to roll out our support for more languages. Within the next few weeks we are opening up German, French, Spanish and Portuguese. We hope to serve your needs even better with this step. You can either use various languages at the same time, or completely localize to your language if you are geared towards non-English speakers.

Thank you for reading, we hope you enjoy being with iubenda. As always, please feel free to get in touch about any questions, feedback or just to say hi.

Go Generate Mobile Privacy Policy

The post Launch: Mobile Apps Privacy Policy Generator appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

A new amazingly amazing iubenda:
new design and new features

We are working with Jonno Riekwel for making iubenda not only useful, but even beautiful.
The result is amazing, we are excited of what’s coming up, screenshots below.

New Dashboard

We redesigned the dashboard to be more visual and funny to navigate.

New interface for managing services

We now have categories for making the services easier to manage, and a dedicated section for editing the privacy policies generated in the past

Language management

The reason why we only invited italian users to join the beta so far is that there was no way to seamlessly manage multiple languages. Now we are building a dedicated feature for handling the need:

Simplified privacy badges and ‘no branding’ option

This was the most common feature request. The good news is that it’s coming

A completely renewed privacy policy

The process was long, and we explained it on a dedicated blog post, but we can finally show the result:

Stay tuned

Sign up to the waiting list if you didn’t yet, we’ll keep you up to date, as more as we can.
This is just a sneak peek of what we are working on, we are *very* alive and iubenda is moving fast.

What you see on the shots is not live yet, it’s still WIP, but we think you deserved a preview

The post A brand new version: sneak peek appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.