Apple will soon require apps to allow users to initiate account deletion. Learn more about the upcoming policy and how you can prepare for it.
If your app is listed on the App Store and allows account creation, you must also provide the necessary pathway for users to delete their account in the app by June 30, 2022, according to Apple's recent announcement. This requirement was initially scheduled to take effect on January 31, 2022, but was postponed to June 30, 2022 to give developers sufficient time to prepare for it. The latest announcement also clears up a few things that caused confusion in the previous announcement.
In this post, we will be discussing the details of the latest account deletion requirement, the difference between the announcement in 2021 and 2022, and the potential impacts of it.
The first announcement was published on Oct 6, 2021 stating that "all apps that allow for account creation must also allow users to initiate deletion of their account from within the app." In addition, it also reminds developers to review any regional or local data privacy laws to ensure legal compliance.
This initially caused some confusion as the word "initiate" could be quite vague. Allowing users to initiate account deletion can be as simple as providing a link for users to fill out an online form to submit a request. The developer community then came up with a few alternatives such as providing a customer support hotline in the app, embedding a form in the app or linking to an external form, and actually developing an end-to-end flow of account deletion within the app. In addition, the community also wondered whether account deletion should also trigger deletion of personal data associated with that account.
In the latest announcement, however, it has become much clearer. The update specifically states that it is not enough if the developers simply provide means for users to temporarily disable or deactivate the account. The users must be able to "delete the account along with their personal data." In addition, the update also reminds developers that:
Even though the deadline has been postponed to June 30, 2022, many apps still lack the required functionality.
Aside from the new account deletion requirement, the App Store Review Guidelines section 5.1.1 also includes a few points regarding data collection and storage to which developers must pay attention.
A privacy policy is a statement that lets the users or clients know how the company will gather, use, manage, and sometimes even share their data with third parties.
The App Store Review Guidelines do not simply ask developers to include a link to the privacy policy in their apps; more importantly, the privacy policy must:
Collecting users' data has helped various companies adjust their marketing strategies or provide personalized data to increase their profits; however, some of the data might not be collected with users' consent. It is now mandated that developers must obtain users' consent before they collect their data, even if the data might be anonymous. Furthermore, apps must also provide an easily accessible way for users to withdraw their consent, so that they have more control over their data.
More can be found in Apple's App Store Review Guidelines.
With more social and economic activities happening online, users are now sharing more personal data with online service providers. In addition, they are also more aware of how their data is being used by different companies and wish to gain more control over their data. Governments in various jurisdictions have passed regulatory privacy frameworks, such as GDPR, national data protection laws, and the California Consumer Privacy Act, to protect consumers' fundamental human rights. According to the United Nations Conference on Trade and Development (UNCTAD), over 71% of countries have data privacy legislation, 9% have drafted legislation, and only 15% of them have no legislation. Furthermore, major players in the field, such as Google and Apple, have also enforced stricter data privacy requirements to gain the users' trust.
It is therefore important for developers to strictly follow the rules imposed by the companies and any local or jurisdictional laws to not only avoid penalties but more importantly protect their users' personal data and gain their trust.
Developing an in-app account deletion flow can be quite time-consuming, and it takes some time and effort to ensure that the processes are working properly.
With Authgear, you can easily offer user-initiated account deletion with just a few clicks. Furthermore, your apps will be equipped with different authentication and security features for you to not only meet the complex authentication requirements but more importantly provide a secure user experience for your users.