Earlier this week on the Android Developer blog, Google announced plans to require mobile apps on the Google Play store to make some changes. Following in iOS’s footsteps, these apps will require apps that allow users to create accounts, to be able to delete those accounts (and any related data) from with-in the mobile app. Further, Google will also require the ability to delete the account (and related data) from a web portal.
Given that this is a large scale change, the rollout will continue through 2023, and into 2024. Developers are asked to update their Data Safety form by December 7th. Starting in early 2024, users will see the updated form information in the store listings.
What the notice didn’t say, but I feel is implied – is non-compliance isn’t optional, and failing to adhere to the new requirements may result in enforcement action, ranging from a warning through developer account termination as is outlined in their support pages.
Increasingly, marketplace policies and data protection regulations around the globe are requiring companies to build out support to exercise various Data Subject Access Rights (DSARs) such as data access or account deletion. Complying with these marketplace policies may actually put a company ahead of a related impending regulatory requirements. With the alignment of behavior between Google Play and the App Store, I feel this will push the industry to develop / integrate these features and bring (limited) data protection to more people than may be presently covered under regulation.
As with regulation however, it’s going to come down to how aggressively the stores enforce these requirements and how willing they are to stick to the deadlines. Apple delayed their rollout twice. I have to wonder if Google will ultimately do the same, or if the developer resistance will be less this time around due to all the laws that have gone into effect over the past year.