On May 6, Google announced that mobile app developers will be required to publish their privacy policies and make other privacy disclosures in a new “safety” section within Google Play beginning in Q2 2022. Google’s announcement is reminiscent of Apple’s June 2020 announcement that app developers publishing in its App Store must publish privacy “nutrition labels.”

As of Q2 2022, developers publishing on Google Play will be required to include in their privacy policies or otherwise disclose:

  1. The type of data the app collects or shares,
  2. Whether the data collected is required for the app to function or if users have a choice in sharing it,
  3. Whether the app enables users to request data deletion if they uninstall the app,
  4. Whether the app utilizes data encryption or has other security features,
  5. Whether the app’s “safety” section disclosures have been verified by an independent third party, and
  6. Whether the app follows Google’s Families policy.

Google plans to allow developers access to the new “safety” section by Q4 2021, with user access beginning in Q1 2022.

Google’s announcement, like Apple’s earlier announcement, signals again that some industry leaders are committed to making privacy policies and related privacy disclosures simpler and more consumer friendly. That commitment picks up on concerns that regulators have focused on for years.

As a reminder, privacy policies should incorporate all disclosures required by governing privacy laws and regulations, which requires an initial assessment to determine which privacy laws and regulations apply. The governing laws and regulations could include, among other possibilities, the Gramm-Leach-Bliley Act (GLBA), the Health Information Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Rights Act (CPRA), or the Virginia Consumer Data Protection Act (CDPA).

Moreover, because the FTC and other regulators read privacy statements as contractual commitments, companies should confirm that their privacy policies and related privacy disclosures are accurate.