GDPR (Europe & possible extraterritorial applicability)
The General Data Protection usa consumer email list Regulation is considered to be the most complex piece of regulation with many obligations imposed on entities collecting or indirectly using users’ personal data. We mentioned some of them in our article on 5 Key Legal Issues to Consider in your Mobile App Development in 2021. GDPR does not state a clear obligation to provide users with a privacy policy, but rather imposes many information obligations which should be delivered to users. The most popular way and, at the same time, the most convenient for users, is to pack it in one document, namely a privacy policy. Please remember that GDPR applies if you address your services to users which may be residents of the EU, regardless of the location of your seat.
In terms of a privacy policy, GDPR requires to include in it information about, among others:
Who collects the personal data (identity of the controller).
The purposes and legal basis of processing of personal data.
The source of the personal data.
Information about the rights of users under GDPR.
For how long the data will be stored.
To whom the data is transferred, if applicable.
The Privacy Act of 1988 (Australia)