As of June 30, 2022, all iOS apps that support account creation must also allow users to delete their accounts from inside the app.
Read on to learn more about the Apple account deletion requirement and how to comply. Along the way, we'll cover when you need to comply with this rule, what happens if you don't offer account deletion for your app, and data subject access requests (DSARs).
We'll also discuss how Enzuzo can help you set up an easy account deletion flow.
We have an easy solution to help Mobile App Developers become compliant with Apple's Account Deletion requirement.
What is Apple’s Account Deletion Requirement for iOS Apps?
Apple's account deletion rule requires apps that support account creation to provide a mechanism that lets users delete their accounts from inside the app itself.
This requirement impacts any company with an iOS App Store app that offers account creation but doesn't have an in-app option for account deletion.
When Do You Need To Comply with This Rule?
You must comply with the rule immediately. Apple account deletion within apps has been required since June 30, 2022.
What Happens If I Don’t Offer Account Deletion for my App?
Non-compliance may lead to blocked updates or the removal of your app from the iOS store.
What is a Data Subject Access Request (DSAR)?
A DSAR is a user's request to access, delete, or modify the personal data that a business has collected about them. Users often submit DSARs to delete their accounts. Most DSARs are submitted through email, but they can be made through any channel, including social media.
To meet Apple's account deletion requirement, many apps have included a DSAR mechanism. This is usually a button that users can press to send DSARs.
Another reason for including a DSAR mechanism is to comply with privacy laws like the GDPR and the CCPA, which give users the right to make DSARs. Businesses must follow relevant rules and regulations when fulfilling DSARs or risk fines and other penalties.
For example, if the GDPR applies to your website, you must follow the GDPR's guidelines for fulfilling DSARs.
What Does a DSAR Look Like?
DSARs vary greatly depending on who's writing them. However, most include the following:
- The data subject's name
- A subject line or header stating their reason for contacting you
- A list of the data they want from your business
- Their reason(s) for requesting the data. For instance, they may want to update their data or have it deleted from your company records.
- Other details to help your business locate their information. This could include a reference number, when they had previously submitted their data to you, and their contact details.
Here's what a sample DSAR looks like:
Data Subject Access Request
To whom it may concern,
My name is Jane Doe and I've been a regular user of your eCommerce store since April 2018.
Could you please provide the personal information that your company has gathered from me? I have the right to request this information under the General Data Protection Regulation (GDPR).
I specifically want the following:
- Email address
- Purchase records
Please send me this information in a PDF. I also want this data and my account deleted. If you need any other information from me to complete this request, please inform me.
Thank you so much in advance,
What Happens If I Don't Respond to DSARs in Time?
Once you receive a DSAR, you are required to respond promptly. In most cases, you have a month to provide the requested data.
If you don't respond in time, you may face severe consequences. For example, if you have clients or users in the EU, the GDPR will apply to you. The EU data protection authorities can impose fines of 4% of your worldwide turnover for the preceding financial year or €20 million, whichever is higher.
Other privacy laws, such as California's CCPA, tend to be less strict. However, they typically allow consumers to seek legal action against your business if their data is involved in a breach.
They may also penalize your company for violating the act. Under the CCPA, the penalties are $7,500 for each intentional and $2,500 for each unintentional violation.
How To Set Up an Easy Account Deletion Workflow
Follow these steps to get started:
Fill in the form by answering questions about:
- Your legal business name
- Your business address
- How customers can reach you for additional privacy questions
- Your border style
- Whether you collect data from customers or users in the United States, European Union, United Kingdom, Canada, Brazil, or other countries
- Creating a new app page
Step Three: Users Submit Requests Through the Built-in Form
Enzuzo's privacy policies have built-in data request buttons for CCPA and GDPR data requests.
Optional: Link Directly to Your DSAR Page From Anywhere in Your App
To ensure that users know their rights and have an easy way to make DSARs, consider linking directly to your DSAR form from anywhere in your app. For example, you can link it in checkout before users pay for goods. You can also link your DSAR form in the footer, menu, blog posts, and other relevant pages.
Coming Soon: Enzuzo's Consumer Data Request Form
Three ways Enzuzo can help make your Mobile App compliant
Specifically, Enzuzo lets you automate privacy compliance and stay up to date with relevant legislation. What's more, all of our features are designed for mobile viewing.
Automate Privacy Compliance
Enzuzo empowers you to automate privacy compliance by including everything you need in one easy-to-use dashboard. With everything just a click or two away, you'll never miss a DSAR.
Here's how you can use our DSAR workflow to complete data requests:
- Verify your customers' identities. Enzuzo verifies your customers' identities so you only process DSARs from confirmed clients. This prevents personal information from being leaked to the wrong person.
- Get reminders. Enzuzo will send you regular reminders to finish DSARs on time.
- Complete request. Use Enzuzo's dashboard to quickly complete requests and ensure that client data is deleted. You can also generate reports to demonstrate compliance.
Stay Up to Date
Most people don't have the time or energy to read up on privacy law updates, leading to lapses in compliance. That's where Enzuzo comes in. We automatically keep our legal policies and features up to date based on ever-changing privacy laws worldwide, so you're always covered.
Formatted for Mobile
Last but not least, all of our features are designed for mobile viewing and use accordion drop-down menus. This makes it easy for your users to read your policies and quickly locate the information they want.
How iOS App Ukart uses Enzuzo to streamline account deletion
Many companies have been using Enzuzo to streamline account deletion. A great example is the iOS app Ukart, an app for following karting races.
Under its settings menu, you can easily find a button for account deletion:
Why you need an affordable solution for Mobile App Compliance
Mobile app compliance can be costly and time-consuming, especially if you're doing all the research and formatting yourself.
That's where an all-in-one mobile app compliance platform like Enzuzo comes in. Besides helping you comply with the Apple delete account requirement, Enzuzo can also help you manage and respond to DSARs. You can also use it to generate privacy policies, cookie banners, and terms of service agreements.
Interested in learning more about how Enzuzo can help you? Create a free account today.
Paige is the growth marketing lead at Enzuzo and host of The Living Lab podcast, providing insightful articles in the privacy space.