Google Play PolicyBytes - Data safety form walkthrough - read the full article about July Google update, Search engine optimization and from Android Developers on Qualified.One
[INTRO MUSIC PLAYING] TUSHAR PANDEY: Hello, everyone.
Im Tushar from the Google Play Trust and Safety team, and welcome to the Google Play PolicyBytes, Developer Console Form Walkthroughs series.
In this video, we are covering Data Safety From.
The question by question walkthrough of this form would explain key definitions and requirements, clarify data types, simplify questions across all sections, and share relevant resources so that you can accurately complete the Declaration form and submit it for review.
What is the Data safety section? The Data safety section on Google Play is a simple way for you to help people understand what user data your app collects or shares, as well as showcase your apps key privacy and security practices.
This information would help users make more informed choices when deciding what apps to install.
All developers that have an app published on Google Play must complete the Data safety form, including apps on internal, closed, open, or production testing tracks.
Here is the timeline for your reference.
Please note, the Data safety section is an experience in the Google Play Apps Details page and is intended to be shown at the point of download.
Developers that collect personal and sensitive user data must also implement in-app disclosures and consent where required by the existing Google Play user data policy.
Here are some important factors to keep in mind-- review how your app collects and shares user data by checking your apps declared permissions and the APIs used.
Review how any third-party code, such as third-party libraries or SDKs, in your app collects and shares such data.
Google Play will have one Data safety section in the Google Play store listing per package name.
That is agnostic to usage, app version, region, et cetera.
Hence, your Data safety section should be a global representation and describe to some of your apps data collection and sharing across all its versions.
You can use the About this app section to share version-specific information with your users.
Where will you find this form? In Play Console, scroll down to the bottom.
Under Policy, click on App content.
In App content, look for Data safety, and click on Start.
This opens up the first part of Data safety form.
Before you start filling up the form, please read the Overview section.
This provides information about the questions you will be asked and the information you will need to provide.
It also defines some terms used in the form and scope of disclosures with Help Center links.
When youre finished reading and are ready to get started, click on Next.
Before we begin with the questions in the declaration form, please notice the Export to CSV and Import from CSV options on the top right of the screen.
Let me share a few use cases of this feature.
Example, if you want to complete the form offline, you can download a sample CSV and import your completed form.
Another example is, suppose you own multiple apps with similar data schemas.
Through this feature, you can export one form responses to a CSV file and easily transfer the details to each apps CSV and import.
Let me show you how.
Based on answer requirement, enter True or False in Response value column.
If your answer to any question is yes, enter True, else False.
To know more, please refer to Import or export your form responses section in the Help Center article.
This is the second part of the Data safety form, which is about data collection and security.
The first question is, does your app collect or share any of the required user data types? To answer this, we need to understand three terms-- data types, collect, and share.
To know which data types are in scope of disclosure, click on View required data types.
This will take you to the Data safety section Help Center article, where you can check which data types are in scope.
If you scroll above, you will also find the definitions of Data collection and Data sharing.
"Collect" means transmitting data from your app off a users device.
Data collection, which is considered in scope and not in scope, are mentioned here.
Lets move on to Data sharing.
"Sharing" refers to transferring user data collected from your app to a third party.
Now you may ask, what our first and third parties? If you scroll below, you can see the definition here.
Coming back to Sharing-- what is included and what types of data transfers do not need to be disclosed as sharing are also described in detail.
Now once youre clear about these terms, lets go back to the question.
If any of the data types is collected or shared, select Yes.
Coming back to the Data collection and security section, the next question is, is all of the user data collected by your app encrypted in transit? To understand what encrypted in transit means, click on Learn about how you should answer.
This will take you to the Help Center article.
Under Other app and data disclosures, please read the definition carefully.
Some well-known industry standards to safely encrypt your apps data in transit are TLS, Transport Layer Security, HTTPS, Hypertext Transfer Protocol Secure.
Coming back to the question, if all user data collected by your app is encrypted in transit, then select yes.
Select No if you support partial or no data encryption in transit.
Next, do you provide a way for users to request that their data is deleted? Here we expect the presence of a request mechanism for data deletion only.
Let me share an example of a mechanism.
Suppose you provide a link or email address that users can use to request data deletion.
The support of data deletion requests can be disclosed to your users directly.
How you respond to individual deletion requests is out of scope for your Data safety section.
Now coming back to the question, if your app provides any mechanism to receive data deletion requests from users, select Yes, else, Select No.
And once you have completed all questions in this section, you can click on Next.
Now we have reached the third part of the Data safety form, called Data types, where you need to disclose all the user data types collected or shared by your app.
But how do you know which data types your app is collecting or sharing? One great resource is available at developer.android.com.
Look for Review how your app collects and shares user data technical guide.
This would provide examples of places in your apps code where your app may collect different types of user data.
In particular, it provides examples of permission declarations and API calls that your app may use to collect or share a particular type of user data.
Now coming back to the form, apart from the instructions mentioned here, some important factors to keep in mind are review the Help Center guidance and exemptions.
In some cases, there may be applicable collection exemptions such as end-to-end encrypted data or sharing exemptions such as a service provider.
For data in scope, even one time of partial access needs to be declared.
Example, one time access to Photos to upload a file versus monitoring all photos on the device.
If data collection meets the ephemeral requirements, you will still need to disclose the collection.
However, it will not be shown to users in your apps store listing.
You should also declare the collection of data that users add for account management.
In this section, select the checkbox if that data type is collected or shared.
If you need to know more about a particular data type, move your cursor on the question mark.
Please note, if youre purposefully collecting a data type during the collection of another data type, you should disclose both.
For example, if you collect photos and use it to determine users characteristics such as race and ethnicity, then you should also disclose the collection of race and ethnicity.
Another example, if you use IP addresses as a means to determine location, then that data type should also be declared.
Please note, your app may include third-party SDKs and libraries that can access user data.
If a third-party SDK or library in your app collects or shares user data, you must reflect this collection and sharing in the Data safety form.
To assist developers, many SDK providers have also published their data collection and sharing practices externally.
You can visit SDK Index for links to data safety guidance offered by many SDK providers.
So if you have incorporated SDKs into your app, reach out to the SDK developers or use such published information to understand how it handles end user data.
This will help you decide how to respond to Google Plays Data safety form regarding your apps end user data collection, sharing, and security practices.
Once you have selected all the user data types collected or shared by your app, click on Next.
Now we have reached the fourth part of the Data safety form, which is Data usage and handling section.
Here you need to answer questions about how the data is used and handled for each user data type your app collects or shares.
Lets take this data type as an example.
And to begin, click on Start.
Now you need to answer a set of questions for the data Ive selected.
The first question is, is this data collected, shared, or both? Select all that apply.
Now your individually disclosing collection or sharing of a data type.
Next, is this data processed ephemerally? Based on the definition shown here, select the appropriate option.
Please note, ephemeral may only be selected for collection of data types.
It is not applicable to sharing.
Next, is this data required for your app, or can users choose whether it is collected? If your apps primary functionality requires the data type, you should declare that data type as required.
Select this option if users can opt out of the collection of that data type.
Please note, at this point the Data safety form only supports optional attributes for data collection.
There is no optional attribute for sharing.
Next two questions are, why is this user data collected? Why is this user data shared? Here you need to disclose the purpose of data collection and sharing.
Example, this is an opportunity to indicate your intention and usage of the collected or shared data types to your users.
Consumers trust the app more if they know their data will be treated responsibly.
After completing all questions, click on Save.
And when youre finished answering questions on data usage and handling for all data types, click on Next to move on to the next section.
Now we have reached the last part of the Data safety form, which is Preview.
Based on your form responses, you will be able to see a Store listing preview, which indicates how the Data safety section will appear in your store listing.
If you are ready to submit your completed form, review this information.
And if this seems fine, click on Save.
You may submit or update your Data safety form independent of any other app updates.
If you want to go back and change something, you can select Back to amend your answers.
If youre not sure about something, you can select Save as Draft and return to the form later.
If you select Discard changes, you will need to start the form again.
After you complete and submit the Data safety form, the information you provide will be reviewed by Google as a part of app review process.
Until the policy deadline, if there are outstanding issues in your Data safety form, you can temporarily proceed to publish app updates by manually reverting your Data safety form in Play Console back to Draft mode.
You are responsible for making complete and accurate declarations in your app store listing on Google Play.
Google Play reviews apps across all policy requirements.
However, we cannot make determinations on behalf of the developers of how they handle user data.
Only you possess all the information required to complete the Data safety form.
When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action.
Please ensure your Data safety form responses remain accurate and complete at all times.
You should update your Data safety form when there are relevant changes to the data practices of your app.
We hope this video has clarified some of your questions and can help support your submissions.
We have also created various guidance and resources like Policy Center, Help Center Article, FAQs, Play Academy Course, Developer Guides to help you submit consistent and accurate declarations.
Thank you for your continued partnership to help build Google Play a safe and trustworthy platform for everyone.
Until next time, stay safe and stay healthy.
Android Developers: Google Play PolicyBytes - Data safety form walkthrough - Search engine optimization