Personal Data Permissions

Our app was rejected, after being in the App Store for more than a year, for requesting personal data from users and then uploading it to our servers without notifying users.


This was the rejection notice "To collect personal data with your app, you must make it clear to the user that their personal data will be uploaded to your server and you must obtain the user's consent before the data is uploaded."


Does anyone know if this permission (a permission asking the user whether or not they consent to their personal data being collected) is required if we decide to store the data locally instead of uploading it to our servers? We don't want to scare users with a messag, especially since we're collecting data that is not really even that "personal".

I'm not sure it's for you to decide which data is personal enough.

You know there are more and more regulation such as GDPR to comply with.


What do you mean "locally" ? On device ? If so, I don't see why there would be any problem.


You should explain this clearly to the review board if you make this change.

It's not just about what you do with it, it begins with having it at all. See the ASRGs 1.6 Data Security & all points under 5.1 Privacy.

> Does anyone know if this permission (a permission asking the user whether or not they consent to their personal data being collected) is required if we decide to store the data locally instead of uploading it to our servers? We don't want to scare users with a messag, especially since we're collecting data that is not really even that "personal".


You certainly need permission to 'transmit' personal data. You also need permission to 'collect' personal data according to 5.1.1 ii. If the message to the user indicates what data being collected "is not really even that 'personal'" it may not scare the user.

Personal Data Permissions
 
 
Q