Top 5 best practice tips for obtaining mobile app consent

There are many factors to consider when launching and operating a successful mobile app, and every aspect must be thought out in detail. Factors such as user experience, app store optimization, offline functionality, privacy and security, marketing, and the real value that your app delivers in users’ everyday lives.

Data privacy has become a primary consideration for mobile app developers looking to protect revenue and build trusted relationships with their users.

Failure to consider mobile app consent can lead to a breakdown in trust between the consumer and app developer. This has already led to significant financial penalties for mobile apps that fall foul of data regulations such as the California Consumer Privacy Act (CCPA), Brazilian General Data Protection Law (LGPD), ePrivacy and of course, the European Union’s General Data Protection Regulation (GDPR).

In the EU, the GDPR is a regulation that came into effect in May 2018, and is designed to give individuals control over their personal data. The GDPR dictates that app owners must seek explicit consent from their users before they are allowed to collect, use, or sell individuals’ personal data. GDPR-compliant mobile app consent could include data such as location, name, address, telephone number, biometric, health or financial data. It is important to remember that the GDPR also covers cookie consent, and any data that could be used to identify an individual, like IP address, so mobile app developers need to consider cookie consent as well.

Mobile apps do need consumer data for many legitimate and necessary reasons. We will share 5 best practice tips for obtaining and managing mobile app consent.

Context plays a huge part in human decision-making. An app user is far more likely to grant you permission to use their data if they understand exactly what data you are asking for, and why you are asking for it. What is in it for the user if they grant permission for you to use their data?

Presenting disclosure at the point you request the use of individuals’ data is advisable, and legally required with some privacy laws. As an example, let’s say your app is for a fashion retailer, and you offer a free home delivery service. If you ask a customer for consent to use their location data while they are busy browsing men’s shirts, it doesn’t make much sense to the user as to why you need that data. However, if you present that same consent request while the user is checking out and arranging the delivery, contextually speaking, it will make more sense to the consumer that you need location data to deliver that service.

Being upfront, transparent and clear about what data you need, and what’s in it for the consumer, helps people to make informed decisions and can build trust between you and your users.

While we all want our mobile app users to grant consent, it is also important that you provide a clear and easy way for consumers to decline.

It’s also a good idea to make it easy for your users to change their mobile app consent preferences at a later date, and is a legal requirement of some privacy laws. It is a violation of the GDPR to make consent a condition of use, however. If a consumer declines consent, and that data is necessary to power a certain feature, then degrading that feature on your app might make sense. Using the example from before, if a consumer declines your request to use location data, and then realizes as a result that they can’t see where their delivery driver is, they may want to grant consent at a later date. Make it easy for them to change their mind.

Remember, the GDPR requires explicit consent from the consumer for their data to be used (or not), so it is important that you are clear and transparent with your requests, and that both accept and decline options are offered equally.

Some apps, in the early days of the GDPR, seemed to try and seek user consent by writing vague or confusing consent messages. In 2023, this is no longer a “safe”tactic. Not only has enforcement ramped up, but consumers are far more knowledgeable about what data might form a part of any mobile app consent process, and what their rights are in relation to their data.

Being explicit, clear and transparent will help to build trust while giving your app users the best chance to make an informed decision.

When you use clear language that makes sense to your users, you have a better chance of them granting you consent to use their data. To that end, Google recommends that you should write your mobile app consent messages to the reading age of a 13-year-old. (Under many laws, 13 is the age when individuals can legally provide their own consent, rather than requiring a parent or guardian.)

It is important that your disclosure prompts don’t look like the OS notifications, as this may confuse your consumers.

You want your users to understand that it is your specific app that is asking to use this data and not Apple or Google. Once again we’ll use the example of a fashion retailer mobile app. If a mobile app user thinks that it is you, the shopping app, asking for consent to use location data so that the user can track their deliveries, there is a good chance that consent will be accepted. A good consent management solution will enable you to customize the user interface and user experience.

By comparison, if a user mistakenly thinks that the request for the use of location data is the OS asking for consent, they may think they are giving permission for all apps to use their location data, and decline.

In order to build trust and deliver a seamless user experience, ensure that functions like your disclosure prompts look and feel like your own app, with the same fonts, colors, etc.

The ideal placement for your consent request is within the normal user journey at a point that makes contextual sense. (See tip number 1 above for more details.)

Consumers are increasingly educated about their data rights, so trying to distract or confuse them is a risky business, both for user trust and regulatory compliance.

It is really important to be transparent, clear and specific about the consent you request if you wish to build a long-term, trusting business relationship with your users. The GDPR requires consent to be “freely given, specific, informed and unambiguous”.

Writing in clear and simple language that is easy to understand is important, as your mobile app users often won’t spend a lot of time making the decision to accept or decline consent. If your audience is global, being able to present information and requests in multiple languages can also be valuable.

Be very clear about what the users get out of the transaction in return for granting consent. People want to know what’s in it for them, so make sure they know.

What: What specific data are you asking for consent to use?

Why: Be transparent on the core purpose(s) for which your app is requesting consent to use an individual’s data. Studies have shown that users are more likely to uninstall an app if they don’t understand why it is asking for permission.

How: Tell your mobile app users how you will use their data, how it will be stored and how they can change their preferences in the future.

Clarity: Use clear, simple language that is easy to read and understand. Google recommends writing your GDPR mobile app consent requests to a reading age of 13. While brevity is the goal, longer explanations that enable the user to fully understand are better than shorter explanations that leave doubt.

Third parties: Don’t forget to include details of any third parties that you wish to also share a user’s data with, and why that third party needs access.

Achieving privacy compliance need not be a headache. A Consent Management Platform, such as the one offered by Usercentrics, can help you to manage the processes of obtaining, managing, and optimizing mobile app consent. Still have questions? Talk to one of our experts. We’re here to help.

Usercentrics does not provide legal advice regarding data privacy compliance. It is always recommended to consult qualified legal counsel regarding your specific data privacy and consent management needs.