I’m sure you know that PP is legal short hand for privacy policy. If you are an app developer, know that Android is doing a purge of its App Store on March 15th. If you don’t have a privacy policy yet, your app could be kicked off or demoted in ranking.

Google and Apple have both been working to remove low-quality or dangerous apps. It’s hard to make that determination with expensive testing, so Google is essentially using missing privacy policies as an indicator that you are a so-called fringe app. This story arose when a warning was sent to some app developers, saying something to effect of: “Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.”  It’s likely the purge will expand beyond those who received letters earlier this year and turn into a recurring process for the App Store. In short, make sure you have a privacy policy.

“No Problem, I’ll Just Copy Someone Else’s”

Deceptive privacy statements are prohibited under the FTC Act and copying privacy policies is a common way to accidentally say something untrue about your data. The Federal Trade Commission just reemphasized that they are focusing on deceptive statements in privacy policies and went after three companies a few weeks ago for likely doing this. The three companies mistakenly claimed to participate with an Asian-Pacific privacy program – very likely a result of copying and pasting. So far, their consent decree involves ongoing compliance monitoring and recordkeeping for 20 years. Translation: it was expensive.

So maybe you want to try writing one yourself? Take it from someone who’s reviewed thousands of privacy policies – it’s not easy to write one correctly. I’ve routinely discovered and helped fix serious privacy policy errors missed by fortune 500 companies, who had teams of lawyers review them before I did. Even they get it wrong from time to time. Unlike longstanding areas of law, like wills or contracts, privacy laws are like the technologies they describe – new, highly technical, and rapidly evolving. It’s quite possible to get in more trouble for writing a bad privacy policy than not having one at all.

It Pays to Do It Right

Android’s purge shows that privacy is not just a legal checkbox anymore. Users and platforms increasingly care about privacy, and will delete apps when companies mess up. Pokemon GO took a hit after people revealed that it required full access to your Google account to log in. Yahoo lost hundreds of millions after some easily-fixable security gaffs. Investors are even starting to look at company’s privacy practices before funding them. From an engineering point-of-view, it’s way cheaper and easier to design your app with privacy and security built-in from scratch, than to rewrite certain portions of your app to match what you’ve claimed in your privacy policy. With both legal and technical expertise, we can help you build your app the right way and make accurate and complete disclosures of your data flows.

Author, Shaq Katikala, is Privacy Counsel at M/L and has reviewed over 10,000 privacy policies, top that.