Hacker News
by cton 1834 days ago
Relevant text under 5.1.1 (v):

> (v) Account Sign-In: If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.

2 comments

Weird how these integrity precautions are being championed by Apple and not the EU or US, democracy is dead, long live corpocracy
To be fair the “right to be forgotten” is, in fact, a law in the EU, it’s just that often you need to go to great lengths to exercise this right.

Apple’s playing field is just much more narrow, which allows it to enforce rules like these in an elegant manner which makes for a much better experience to the end user.

This is more about the "Hotel California" business model where you can't cancel a service without jumping through ridiculous hoops.
I’d never heard of the “Hotel California business model.” Googled it - for others: Hotel California is a song by the band The Eagles, which contains the lyrics:

  "Relax," said the night man,
  "We are programmed to receive
  You can check out any time you like
  But you can never leave!"
Can someone explain it to me, though?

Logically, after you check-out of a hotel you've surrendered your right to abode at that location - after that you're usually limited to common/shared areas like the lobby, bar, restaurant, maybe the pool - but excepting the lobby those places are closed at night - and they'd have security to remove people from the lobby if necessary - so as far as the Eagles are concerned, what is it to "never leave" when you legally cannot stay?

From Wikipedia:

> The song has been described as being "all about American decadence and burnout, too much money, corruption, drugs and arrogance; too little humility and heart." It has also been interpreted as an allegory about hedonism, self-destruction, and greed in the music industry of the late 1970s. Henley called it "our interpretation of the high life in Los Angeles", and later said: "It's basically a song about the dark underbelly of the American dream and about excess in America, which is something we knew a lot about."

Hotel California is, of course, not literally a hotel; it's a metaphor for an addictive and entrapping lifestyle, and your legal "right to abode at that location" is a real-world detail that doesn't really matter for the purposes of the metaphor. The singer wants to get out -- by "checking out" he has declared his intentions to leave the hotel, but the point of the song is that wanting to leave is not the same as actually leaving.

It's a bit more obvious if you consider the full verse:

> Mirrors on the ceiling / The pink champagne on ice / And she said: "We are all just prisoners here / Of our own device"

> And in the master's chambers / They gathered for the feast / They stab it with their steely knives / But they just can't kill the beast

> Last thing I remember, I was / Running for the door / I had to find the passage back / To the place I was before

> "Relax," said the night man / "We are programmed to receive / You can check out any time you like / But you can never leave!"

The song is a metaphor, though what the metaphor is has been debated — be it drugs or some other form of escapism. In any respect, the “check out” is a play on words of the euphemism for dying — your only way out is death, which is partly what makes the belief so popular that the song is a metaphor for a drug like heroin.
"check out" also has a slang meaning, not literally that you stopped paying for a hotel but get to stay anyway, and the song is not about a hotel.
It's not literal.
You’re confusing the right to be removed from search engine indexes (right to be forgotten) with GDPR (control of data provided to websites)
The right to a GDPR erasure request is sometimes called the right to be forgotten:

https://gdpr-info.eu/art-17-gdpr/

It is confusing, bc the latter is sometimes also used to refer to index removal too.

It's been EU law for a while that a company must delete all user data upon request.
Can anyone translate that into practical terms? To me that doesn’t match this post’s title, currently “AppStore: Apps supporting account creation must also offer account deletion”.

Quote:

  The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
There’s nothing about account or stored-data-about-me deletion in there.
It's the second sentence: "If your app supports account creation, you must also offer account deletion within the app."
Wow. Not sure how I missed that. Thanks.
That sentence is about storing Facebook logins, for example, not storing other data about the user. Apple is saying you may allow people to log in to their social networks (to post through your app) but you cannot save their login from Facebook into your private (off-device) server.
You should consider your social media access credentials/tokens as data about you, because they can be used to request your social media data.
Right, but I'm still reading that as "you must allow people to log-out (locally)".
“If your app supports account creation, you must also offer account deletion within the app.”

Separately, they should also do this for subscriptions.

At present, by requiring the use of Apple's IAP system for subscriptions, this is already taken care of.

Given the Apple vs. Epic stuff going on, this may change soon -- In that case I'd also like to see rules against excessive retention tactics / dark patterns.