Blog 5 min 12/7/2020

4 Steps for Mobile Compliance

How do you address compliance requirements and technology updates, all while delivering trust and a seamless user experience in a mobile application? Developers should build privacy into their mobile apps from the start to foster trust and confidence in the mobile app ecosystem.  

Here are best practices OneTrust PreferenceChoice recommends taking when building a privacy-centric approach to mobile applications.   

Join the webinar: iOS 14 IDFA Changes: How to Maximize Opt-Ins 

Regulatory Requirements for Mobile Compliance

Regulators at the state, national and international level actively encourage (and enforce) consumer privacy rights against app developers that misuse or surreptitiously access user data. From a privacy perspective, regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) have put a brighter spotlight on mobile app technologies and how apps collect data and share it with third parties.  

According to the GDPR (Recital 30) and the ePrivacy Directive (Article 5(3)):

Individuals can be associated with online/device identifiers. Use or storage of such information can only be done with consent.

On the other hand, the CCPA (Section 1798.120) mentions:  

A consumer can direct a business not to sell the consumer’s personal information. A “sale” is a transfer for monetary or other valuable consideration.

Companies developing mobile solutions and delivering on mobile-first strategies are seeking ways to build intelligent, data-driven applications that respect users’ privacy, build trust and fuel brand loyalty.

Steps to Mobile App Compliance  

1 – Audit Your Application  

Chances are you did not write every line of your mobile app yourself, so it’s important to understand what the embedded technology is doing with regard to sharing information with third parties. The best way to understand this is to scan your application to identify the software development kits (SDKs), tracking technologies, and third parties collecting data from it. From a vendor perspective, determine which SDKs are provided by third parties and cross-reference them against your vendor inventory.

Additionally, categorize SDKs based on the data processing they perform (strictly necessary, performance, advertising, etc.). Lastly, as part of the auditing process, understand what data you are collecting, such as location or photos, and determine whether the identifier for advertisers (IDFA) is used on iOS devices. Taken together, these considerations give a clear picture of your app’s privacy health.

2 – Create User-Friendly UX for a CMP 

Build pop-up disclosures and preference centers based on the relevant jurisdictions. There are three main considerations for the UX of your consent management platform (CMP). First, tailor your consent banner to match your company’s brand, including display, color, content, and language.

Next, ensure that you are effectively explaining how the app processes data. Also, make sure you’re meeting disclosure obligations by triggering your consent mechanism at or before the time of data collection.

Allow the user to opt in to processing or update their preferences, and honor the user’s choice by passing consent signals to the appropriate SDKs. The overall experience should be driven by geolocation so that it meets the requirements of the user’s jurisdiction.

3 – Deploy to Mobile Application  

The next step is deploying the SDK into your mobile application. You’ll need to think about which SDK is needed based on the platform your application will run on.

Once the SDK is deployed in the mobile app, you’ll want to keep using CMP capabilities over time. For example, rescan your application periodically to detect any changes to its SDKs. Also, to meet compliance standards, generate consent records to automate compliance documentation and record keeping.
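Steps 2 and 3 describe the mechanics that a CMP integration has to get right: the jurisdiction decides the default consent state, the user can change it, SDKs are initialized only when their category is consented, and every choice produces a consent record. The following is an added, platform-neutral model of that logic written for this article; it is not OneTrust code or the OneTrust SDK. The SDK inventory, the region-to-regime mapping, the category names and the record format are all constructed for illustration, and the record digest is a tamper-evidence hash, not a signature.

```python
"""Consent gating for third-party SDKs, modelled after the steps above.

Added example; not OneTrust code. All inventories, regions and
record fields are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib
import json

# Processing categories from the audit step (constructed labels).
STRICTLY_NECESSARY = "strictly_necessary"
PERFORMANCE = "performance"
ADVERTISING = "advertising"

# Constructed SDK inventory: the output of scanning the app (step 1).
SDK_INVENTORY = {
    "crash_reporter": STRICTLY_NECESSARY,
    "analytics_sdk": PERFORMANCE,
    "ad_network_sdk": ADVERTISING,
}

# Constructed regime mapping. Which real regions fall under which regime
# is a legal determination, not something to hard-code from this example.
OPT_IN_REGIONS = {"DE", "FR", "IE"}   # GDPR / ePrivacy: consent before use
OPT_OUT_REGIONS = {"US-CA"}           # CCPA: default on, honor Do Not Sell


@dataclass
class ConsentState:
    region: str
    choices: dict            # category -> allowed (bool)
    policy_version: str = "1.0"

    @classmethod
    def initial(cls, region):
        """Default state at first launch, chosen by jurisdiction."""
        if region in OPT_IN_REGIONS:
            # Nothing non-essential runs until the user opts in.
            choices = {STRICTLY_NECESSARY: True, PERFORMANCE: False, ADVERTISING: False}
        else:
            # Opt-out regimes: processing is on until the user withdraws.
            choices = {STRICTLY_NECESSARY: True, PERFORMANCE: True, ADVERTISING: True}
        return cls(region, choices)

    def update(self, category, allowed):
        """Preference-center change; strictly necessary cannot be disabled."""
        if category == STRICTLY_NECESSARY:
            raise ValueError("strictly necessary processing cannot be switched off")
        if category not in self.choices:
            raise ValueError(f"unknown category: {category}")
        self.choices[category] = allowed

    def do_not_sell(self):
        """CCPA-style opt-out: ad-related sharing is the 'sale', so stop it."""
        self.choices[ADVERTISING] = False

    def may_initialize(self, sdk_name):
        """Gate SDK start-up on the consent signal for its category."""
        category = SDK_INVENTORY.get(sdk_name)
        if category is None:
            return False   # not in the audit inventory: fail closed
        return self.choices[category]

    def allowed_sdks(self):
        return sorted(s for s in SDK_INVENTORY if self.may_initialize(s))

    def consent_record(self, now=None):
        """Record for compliance documentation, with a tamper-evidence digest."""
        now = now or datetime.now(timezone.utc)
        record = {
            "timestamp": now.isoformat(),
            "region": self.region,
            "policy_version": self.policy_version,
            "choices": dict(sorted(self.choices.items())),
        }
        payload = json.dumps(record, sort_keys=True).encode()
        record["digest"] = hashlib.sha256(payload).hexdigest()
        return record


def verify_record(record):
    """Recompute the digest over everything except the digest itself."""
    body = {k: v for k, v in record.items() if k != "digest"}
    payload = json.dumps(body, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest() == record.get("digest")


if __name__ == "__main__":
    eu = ConsentState.initial("DE")
    print("DE first launch:", eu.allowed_sdks())
    eu.update(ADVERTISING, True)
    print("DE after opt-in:", eu.allowed_sdks())
    ca = ConsentState.initial("US-CA")
    ca.do_not_sell()
    print("US-CA after Do Not Sell:", ca.allowed_sdks())
    print(json.dumps(ca.consent_record(), indent=2))
```

The important design point is that the gate sits in front of SDK initialization rather than being applied afterwards: an advertising SDK that is never started cannot read the IDFA, so the consent signal is enforced rather than merely recorded. The fail-closed branch for unknown SDKs ties step 3 back to step 1; a rescan that finds an SDK missing from the inventory shows up as that SDK never starting, which is the safe failure.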

4 – Update Nutrition Label for Apps in the iOS App Store or Mac App Store 

Developers will be required to disclose all the information they and their third-party partners collect, and to keep their iOS 14 “labels” up to date. After scanning your application, you’ll have a better understanding of the SDKs in your mobile app. Be sure to reference the scanning results and list out the information that is being collected by your business and by third parties.

Bringing it All Together Across Devices  

A mobile application might be just one of the digital properties you own. What about a CMP for the web, or for an over-the-top application on a connected TV (CTV)? To streamline the user experience, be sure to implement a solution that can sync consent and preferences across devices.

As we continue to navigate the ever-changing ad tech landscape, three components should likely continue to be at the forefront of every publisher’s digital strategy: privacy, control and trust.  
