Google Play’s data deletion badge and data deletion area within the Data safety section give users a new set of transparency and controls over their user data while providing developers with a way to showcase how they treat user data responsibly. If your app allows users to create an account from within your app, our user data policy requires that it must also allow users to request that their account be deleted.
The user data policy's account deletion requirement means that:
- All developers must complete new data deletion questions in the Data safety form on the App content page (Policy > App content) in Play Console.
- If your app enables account creation, you must:
- provide users with an in-app path to delete their app accounts and associated data; and
- provide a web link resource where users can request app account deletion and associated data deletion. You have the opportunity to show users if you delete other data too.
Make sure that you read the policy
in full and ensure that you understand and comply as some information you provide about account and data deletion will be visible on your app's store listing. Developers who are not in compliance by the deadline or after the extension period may be subject to enforcement actions.
In early 2024, Google Play users will begin to see reflected changes in your store listing where they can:
- view privacy control features that your app offers with the refreshed data deletion badge in the Data safety section on your app’s store listing; and
- control their data by following your links in the data deletion area, where they can submit requests to delete their account and/or other data where applicable.
You can expand the section below to see how this might look to users in your store listing if you support account deletion.What users will see if your app supports account deletion
Note: Images are examples and subject to change
We anticipate the following timeline for roll-out in Play Console and Google Play. Note that this is subject to change; updates will be posted in this article.
- April 2023: We announced the new account deletion requirements and added the new data deletion questions within your Data safety form. You can find this form on the App content page in Play Console.
- You can now fill in and submit the form to receive early feedback on identified issues. Complete these questions early to make sure that your information is reviewed and approved before the feature launches to consumers next year.
- If there are issues with your answers to the data deletion questions in your Data safety form, new submissions and app updates will be rejected in Play Console. You can temporarily proceed with app and Data safety form updates by clearing your responses to the Data deletion questions.
- 7 December 2023: Deadline to complete the data deletion questions.
- Without an extension (available in October within Play Console), app updates will require completed data deletion questions in your Data safety form. You will no longer be able to publish a new app or app update if these questions are incomplete or have unaddressed issues.
- If you need more time to complete the Data deletion questions of the Data safety form, you can request an extension to 31 May 2024. We will let you know when this extension form is available in Play Console.
- Early next year: Users can start to see the new Data deletion badge and Data deletion area on your app’s store listing in Google Play.
- The previous Data deletion badge will be removed and no longer shown for all apps.
- In order for your app to show the new badge, you must have an approved Data safety form, including the Data deletion questions, in Play Console.
- After 31 May 2024: Non-compliant apps may face additional enforcement actions in the future, such as the removal of your app from Google Play.
An app account is a unique user identity that developers provide as a user-facing feature to serve the user across applications and/or devices (can often include use of usernames, email addresses and passwords). App accounts provide a mechanism for a user to authenticate and generally include a mechanism to verify an identity, such as password, phone number OTP (one-time password), 2FA (two-factor authentication), biometric, SSO (single sign-on) and so on.
Your app supports account creation within the app if a user can complete creating an app account directly in the app or if the app directs the user to an app-account creation flow outside the app.
If your app offers account creation in any part of the app experience, then you still need to offer app-account deletion even if some features can be accessed without an account.
A full end-to-end, mobile-first account deletion can be a great user experience. However, we understand that this might not yet be feasible for some developers, so we’re giving you options on how to meet this requirement. As an alternative, you can choose to provide a link within your app that takes users to your app account deletion web resource.
When you delete an app account based on a user’s request, you must also delete the user data associated with that app account. It is possible that your app might need to retain certain data for legitimate reasons such as security, fraud prevention or regulatory compliance. Examples of user data include: personal and sensitive user data, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call-related data, health data, Health Connect data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data. All user data indicated as collected in your Data safety section is within scope. Those apps within highly regulated industries that require additional retention periods must clearly inform users within their data retention policies.
If your app relies on service providers to process user data, you should delete the data from your own servers and request that the service provider do the same.
You should let users know what to expect and complete their requests within a reasonably quick period of time. Make sure that you check with your legal advisors as laws and regulations in some countries impose specific requirements and restrictions concerning data deletion and retention.
Yes, all developers will be prompted and required to answer a new set of questions in the Data safety form focused on deletion practices. If your app is within the scope of the policy requirements, you must disclose whether your app provides account deletion and provide the web link within your Data safety form in Play Console. Some updates to your form will be reflected on your app store listing’s Data safety section.
Some users might have already uninstalled your app or may not be able to access your in-app experience for a variety of other reasons. We want to ensure that all users can still exercise control over their data by being able to go to the web-link-based deletion resource that developers provide. This means that your web resource should give users a way to request that their data be deleted without sending the user back to the app and requiring them to re-download it to submit their request.
The web link must be functional (for example, loads without error), relevant in scope (for example, the pathway to request account deletion should be prominently featured and easily discoverable on the page) and reference the app or developer name (that is, as it appears on your store listing in Google Play). The user must be able to request deletion of their account through the pathway. You can offer this in many ways, like an additional link that initiates account deletion, a customer service email or a form through which they can submit a request. If the user needs to take additional steps before deleting their account (for example, cancelling a subscription), this must be clearly outlined and a support flow must be available for users to initiate. If you plan to use existing privacy or data retention policies to fulfil this requirement, the data deletion section should be highlighted and reasonably prominent (for example, through an anchor link).
Permanently private and enterprise device management apps are exempt from this policy requirement. Please note that if your app falls within a highly regulated industry (such as utilities, healthcare or financial services, for example), it is permissible if you need to provide additional flows to facilitate account deletion requests to completion. As a reminder, accounts that are created and operated offline are not app accounts and do not fall within policy scope.
The requirements for your in-app path to deletion should be intuitive for the user. This means that the pathway should be prominent (for example, within the account settings or a similar section). We recognise that there are many ways in which developers can implement this within their apps.