Ok. Thanks for the information. I understand this process but in short does it mean i need to remove all the plugins from all my games including gpgs for leaderboard and Admob too until watertight Plugins are provided from Corona. Till then all revenue will be zero and no score will be updated to the GPGS Leaderboards. I have no servers of my own to collect data and also i send no data implicitly to any of these.
@sahil19.sindh I would not do that myself. Just tell them you are disclosing their advertising ID and perhaps device ID too to those advertising companies and if they give their consent, they can continue but as I’ve said you have to make sure you complete those steps (withdrawing consent, data removal etc). If you are not ready to do them all before the deadline, do as you said and disable them until you meet those requirements and then send an update.
Ok. I will do one thing. I will disable flurry, kochava, firebase, facebook, chartboost for now. I will just let gpgs for leaderboards and admob for a little bit revenue. For admob i will give a consent form as you said. If they agree they can continue but what if they said no? Also how to achieve this withdrawing concent and data removal part that you told me if i use just admob and gpgs. I am really confused with this. If i remove admob them my business will be closed, if i remove leaderboards then i will get bad reviews for update.
I don’t have any ads on any of my games but thinking about adding appodeal. Is that now gpdr compliant. Is there any consent I have to give to players? Also is the google play games leaderboard plugin thing gods compliant?
I want to make sure we are clear on this point. Corona is collecting usage metrics from end user apps. We are a data driven company and need to have this data. We however are collecting that data in a safe way that contains no personal information that would require you to ask for permission. We also collect data on plugin usage, but we also now do that in a safe way that contains no personal information. You do not need to ask for permission on this.
Now if you’re using ad and analytics plugins (and like other similar plugins that depend on some type of ID) you will still need to present a consent form to the user and get their consent. Corona can’t control what data a service’s SDK collects and sends. We just wanted to get Corona out of the way in your GDRP implementation. You will have to use daily build 3286 or later. Any older builds of Corona will not be GDPR compliant.
Your basic process should be something like:
-
Determine if your user is in the EU and guided by GDPR (or optionally just show your dialogs to everyone)
-
Show a consent form with a link to your privacy policy and all of the plugins you’re using that collects data and a link to their privacy policies.
-
If the user does not provide consent, simply don’t initialize that plugin *(see note below)
-
Provide a way, perhaps on your settings screen for your end users to change their mind. If they withdraw permission later, don’t init the plugin, if they grant permission, init the plugin. Of course you will have to wrap your various .load() and .show() API calls with if statements based on the permissions being granted or not.
* Appodeal is in the process of releasing a version of their SDK (and we are in the process of adding that support to the Appodeal plugin) where you can still initialize the plugin and call the various ad .load() and .show() functions, but if permission is not granted for data collection, the ads will be generic and less relevant. It’s why its critical to understand what Appodeal is doing as written here: https://blog.appodeal.com/blog/2018/05/08/appodeal-gdpr-guide/
I don’t know at this time what the API call will look like to let Appodeal know if consent has been granted or not.
I also don’t know what the other ad providers are planning or how fast we can implement features supported by new SDK’s.
Don’t be afraid to ask for consent. You’re not the only app developer having to do this. Native developers, other framework developers and more will be doing this as well. Maybe at some point the EU may back off of this.
If ad income is critical to your app, you should consider adding an In-App purchase to continue using the app without ads so you can have an alternate revenue stream. As for GPGS, I would think most people would grant permission for that. But it’s their call.
Rob
The game services like game center and google play services are GDPR compliant (as far as I have read).
-
They request permission for every app that uses it.
-
They state the data that they will share.
-
The user is able to remove consent by logging out or delete the permission from the game.
The current version of Admob that the corona plugin is using is technically GDPR compliant, it just doesn’t have the hooks to turn off consent. Show a consent dialog with a button. Appodeal has an example in their latest SDK. If they don’t give you consent you can’t show the ads. if they do then show ads.
What else can you do if they don’t give you consent for ads?
-
Direct them to the paid version or a paid in-app purchase option.
-
Show static internal ads for your other games until we get updated plugins.
-
Don’t let them play the game. (I rather let them play and then re-introduce ads when we have an option).
-
Use an ad provider that the default is no consent. Startapp is the only one so far that has confirmed to me that that is the case.
5. I would also start implementing Appodeal. They will probably update their plugin first.
To remove data have a way for the user to send you a message with their advertising id. Then forward that advertising id to Admob and request that they remove all data associated. Same for a request for data.
Another option is to stop offering your app in the countries impacted by GDPR.
Ok, we understand. So you mean if user withdraw his consent then we need to ask admob manually to remove all data related to that advertising id.
Which we are supposed to get from using plugin.advertisingId and using method .getAdvertisingaid.
Also we are safe to use gpgs for leaderboard but we just need to give a link to the privacy policy and tell users we use gpgs.
Yes, and you need to do that for all the personal data collectors that are using your apps to do it. I like how @agramonte provided multiple solutions by the way.
Is there any app in the market which has meet the GDPR compliance.i really want to test that out and see how it works. Any one if know any app please tell to others please.
The notes for 3286 state “iOS/Android: Corona built apps would not send any personal information about user”, does this mean that Mac/Win/Web still do, or that they never did in the first place?
We are collecting stats on those platforms, but we were doing so without sending IDs. We are not sending stats from HTML5 at all.
(incomplete information post removed and replaced with this one)
Rob
This? Has anyone seen any of the bigger publishers implement the consent as yet?
Also I have not read about it too much, but we need to store if the user has accepted or denied consent? what do we store if the user denies consent on our side. Some form of ID surely to associate the device to the denial of consent. Wouldn’t this be incompliant regardless as the user would deny, yet we have to store some form of pii (ID) anyway?
Admob says in a forum that their Api’s for non targetting Ads will be ready by mid may but will work only after 25th. This is like a sword on head. We have to update 35 apps and not getting why Admob is not clear. Corona has a plugin for Admob. Please tell do they tell you about that API’s and also is there any work going on to make those API’s work within plugin that corona offers.
About Admob and other ad providers on topic:
As stated @ Admob’s docs page for gdpr:
Note: The Consent SDK will be made available by mid-May. The functionality, however, will not take effect until May 25, 2018. Please do not attempt to use these APIs before May 25, because they may disrupt ad serving on your app.
We’ve prepared an update, but can’t provide it to you yet for that reason. As soon as new functionality will become available by Admob - new plugin release will be public.
And that’s the issue with this gdpr compliance on our ad plugins: a lot of companies still haven’t implemented it on their side. But we can update our plugins only after they will and only then you can update you apps, which I’m sure is frustrating for you, but that’s how things are going to happen. We are fully aware of a need to update all our >20 ad and analytics plugin and trying to bring this new features to our end users ASAP. With that said, it’s easy to miss a new SDK update for some specific ad provider just in time with all that rush, so any feedback is welcome, as always.
@Karpovpw, that’s good news. Can you please share what parts of the SDK you have implemented? In order to manage expectations and let us prepare.
@perflubron, Due to some limitations, we can’t provide Google’s consent form and their Consent SDK, at least for now. AdRequest configuration (the one, that you’ve already mentioned earlier) is the one that is implemented.
Thos is what Google told to us in Admob.
To comply, and support your compliance with GDPR, we are:
Launching a solution to support publishers that want to show only non-personalized ads.
I think this is one of the 2 things that we need.
- We give consent form at start. If user says yes then we give persinalized Ads if say no we show Non-Personalized Ads.
- Same a user can do in settings. He can change his mind any number of times and so we shift Ads from Personal and Non personal.
- This is second task of two things. If a user removed consent later from settings. How with the use of Advertising Id’s we tell Admob or Corona to remove any personal Data related to that user.
Please anyone if has any idea fill fast. Many developers like us need to work together by helping each other on this.
We just made a build with Corona 2018.3286, then watched its network connection:
It connects to https://stats.coronalabs.com (which is new with this build).
It sends what looks like very basic anonymous analytics:
{ "tm": 1526373342, // timestamp "c": "US", // country code "b": "s5962", // ? "pl": "iOS11.3", // platform "i": 17666, // ? "bi": "com.example.appidentifier" // app identifier }
@Corona could you please tell us what “b” and “i” are?
Wrote another post with some more concrete plans on preparing for GDPR.
https://medium.com/@perhaglund/making-my-apps-gdpr-compliant-part-2-c0cdf6a14501
[member=‘Studycat2’] those values are same for all installs, showing day and specific build, in other words - not user IDs