Skip to main content

Google Play Store Releases Data Safety Form

By and November 19, 2021October 28th, 2022Insights

Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.”

While it may be tempting to just repurpose the iOS nutrition labels, Google notes “the Data safety form will ask for additional and different information that you may not have used previously.” Plus, Android and iOS apps behave differently, further emphasizing the potential discrepancies between an iOS nutrition label and Google’s upcoming requirement.

Like for iOS labels, the business must answer a granular level of detail about how the Android app behaves. Specifically, the form will need to include information about how businesses “collect and handle user data,” how they “protect … data,” and how data is “collected and handled through any third party libraries or SDKs.”

For example, according to Google’s sample CSV file, there are three overarching questions for businesses to consider before a series of multiple choice questions:

  1. Does your app collect or share any of the required user data types?
  2. Is all of the user data collected by your app encrypted in transit?
  3. Do you provide a way for users to request that their data is deleted?

What’s Next:

Businesses should begin to think about the types of data their Android apps collect, store, and use at a technical level in anticipation of meeting this April 2022 requirement.

Similar to the iOS nutrition labels, meeting this upcoming Google Play requirement requires a technical understanding of how the app behaves. Relying on statements from vendors or internal stakeholders without validation may lead to some issues along the way.

NT Analyzer can help businesses find potential problems before completing the Data safety form to ensure the form is filled out correctly. With NT Analyzer, Google will not surprise businesses with data leakage or tracking that they are unaware of, including any that is used by third party SDKs.

NT Analyzer’s downloadable report and upcoming designated module for Android, similar to the iOS module, will give organizations the information they need to meet their Android privacy requirements. The report includes, but is not limited to:

  • Identifying all parties collecting data (as well as which SDKs are integrated into the app);
  • Identifying all data types, including personal information/data (at both a technical – e.g., hashed, encoded, fingerprinting, GAID, etc. – and traditional level); and
  • Determining how each data type is used (e.g., App Functionality and/or Personalization).

Ask us today how we can help your organization prepare for the Data safety form and how NT Analyzer can help.

Steven Roosa

Author Steven Roosa

Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.

More posts by Steven Roosa
Steven Roosa

Author Nicole Sakin

Nicole Sakin is an associate in Norton Rose Fulbright's Information Governance, Privacy and Cybersecurity practice group in the Washington, DC office. Nicole advises clients on compliance with data protection and privacy laws, including COPPA, GLBA, HIPAA, TCPA, VPPA, FTC Act, and CCPA/CPRA and other state privacy laws. Nicole has experience with drafting applicable disclosures, privacy policies, and operational controls, as well as advising clients on building and implementing their privacy compliance programs across all stages of the development lifecycle. She also assists clients with drafting and interpreting technology-related contracts, including insertion orders, service provider addendums, and data protection agreements/addendums.

More posts by Nicole Sakin