I have a simple application in the Play Store that doesn’t have access to the user's personal information (it uses only Bluetooth and network).
I have been considering using Firebase Analytics to get some insights into how people use the app and where I can improve. However, I have a serious problem with understanding all the legal obligations that would involve. From what I gather, I would need a privacy policy, which is not a problem. But from what I can see in the Firebase Analytics Policy, I would need to comply with the European Union User Consent Policy.
So as I understand it, the app would need to display some form of dialog where the user would agree or not to the data collection. The issue is, I’m afraid most people would say no, which is their right. But I’m asking if I really need to do this, because I don’t think I have ever seen a single app asking me for this sort of agreement (while I can see many websites doing that).
Even if Google doesn't provide an exact answer for what needs to be done, they provided a lot of guidance both in Firebase terms, and within their EU user consent policy pages.
--> most importantly don't forget about the opt-outs.
&
--> obtain consent
Now, Google even provides some basics about what a message like that might look like in an app and how a notice code would work:
When it comes to legal theory, this is what the European think tank on privacy says in “Opinion 02/2013 on apps on smart devices” [WP29]. In short, it is
It's not impossible, though; since I work on these topics daily at iubenda (we've recently finished all integrations regarding Firebase), I understand that it might look overwhelming at first.
Here are some rules of thumb:
P.S. Next time you'll probably want to go ask on Law or UI in the StackExchange network, since this is only related to the programming part quite marginally. If this is interesting to you, you might like to follow iubenda along on our journey to make these tasks easier for devs like you and me :)