The changes come in the wake of Facebook’s Cambridge Analytica scandal, which prompted Apple to criticize the social media giant for its handling of user data.
Under the new scheme, developers may no longer create, share or sell databases of address book information they collect from iPhone users.
Such information could include names, phone numbers, addresses, birthdays, and even photos. Apple also now requires developers to get consent from users for each specific use of their contact list.
Without such restrictions, developers have typically used address book information for marketing purposes or have sold the information. Apple CEO Tim Cook was critical of the way Facebook let third-party developers handle data this way, after it was revealed how the shady analytics firm Cambridge Analytica obtained Facebook data.
“The ability of anyone to know what you’ve been browsing about for years, who your contacts are, who their contacts are, things you like and dislike, and every intimate detail of your life — from my own point of view, it shouldn’t exist,” Cook said in March.
Meanwhile, Apple has highlighted other steps it’s taken to promote user privacy, such as new Safari-based efforts to counter tracking.
Commenting on the move, Ian Woolley, Chief Revenue Officer at Ensighten, said: “Apple is taking the new GDPR data provisions for customer privacy very seriously and publicly, with action. With address book requests coming from all kinds of apps like Instagram or Snapchat, last night Apple took a stance against the vacuuming of such data with a new set of rules for developers which restrict those apps sucking up the address books of iPhone users.
“While almost all online businesses collect data, only a handful of brands process data at Apple’s scale – and their new pledge demonstrates their commitment towards maintaining consumer privacy.
“With Apple’s new rules prohibiting developers from accessing individuals’ information, especially as it prevents data from individuals’ contacts (who couldn’t give consent) being taken, we see a strong privacy orientation which should impress consumers.
“In the new GDPR world it’s critically important for brands to understand that consumer trust is the new currency. Trust is built by design, which now includes how data is collected and shared within brands’ underlying website or app technologies long before consent is granted.”