August 9, 2020

Volume X, Number 222

August 07, 2020

Subscribe to Latest Legal News and Analysis

August 06, 2020

Subscribe to Latest Legal News and Analysis

Apple Eases Push Notification and Other Privacy Restrictions

Apple recently revised its review guidelines to allow push notifications that include “advertising, promotions, or direct marketing.”  This changes a prior -and longstanding- prohibition on push notices that contain such content. Customers must affirmatively opt in to get promotional push notices, though (“through consent language displayed in your app’s UI”). They must also be able to opt out through an in-app mechanism.  Although promotional push notices were previously prohibited, many apps sent them. These modifications may be a step by Apple to acknowledge this use and put requirements in place around it.

The review guidelines also include other changes with an impact on information collection, use and sharing. These include for apps that provide services in “highly-regulated fields.” Such apps must be submitted by the regulated entity (i.e., the one providing the regulated services) rather than the app developer. For example, if a bank hires an app developer to create an app for the bank, the bank should submit the app to the Apple App Store, not the developer it hired to make the app.

Another change are the provisions for apps that provide users with Mobile Device Management (MDM) tools. Previously those apps were prohibited from “disclosing to third parties” any data. Now those apps can share information but only if it is about the “performance of the developer’s MDM app” and does not include user data (“data about the user, the user’s device, or other apps used on that device”).

Putting it into PracticeApple’s modified guidelines may help companies that send push notices, as well as those that provide MDM apps. For companies in regulated areas, keep in mind the new requirement on who should be submitting apps to the Apple App Store.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 100


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Bridget Russel, Business Trial Legal Specialist, Sheppard Mullin


Bridget Russell is an associate in the Business Trial Practice Group in the firm's Century City office.