GDPR Compliance

rob · May 31, 2018, 2:42pm

Ben, starting with daily build 3286, we stopped collecting anything that fell into the personal ID category (IP address, IDFV, the Android equiv). (Note, you should use 3301 or later since we fixed some build bugs on older iOS and Android versions). If you use a community made plugin, we don’t control the source to that plugin and it’s up to the vendor to make sure their plugin is GDPR compliant. And for plugins we have control over the plugin source, once we call the third-party SDK, we no longer have control over what that SDK does.

Rob

gamebit.labs · May 31, 2018, 4:13pm

Thanks for explaining the method.

Have you rolled out a consent form for your apps? Can you share how your consent form looks like?

Do you use a single tick/action to consent all? Or do you use individual ticks/actions for each plugin?

What is the average % of parents giving you consent?

Ben

gamebit.labs · May 31, 2018, 4:14pm

Thanks Rob, just want to confirm the plugins are not collecting additional data.

Ben.

gamebit.labs · June 2, 2018, 2:20am

Do you have any sample code on how you anonymized IP address before sending it to GA?

Ben.

perflubron · June 5, 2018, 8:14am

Ben: https://support.google.com/analytics/answer/2763052?hl=env . Set aip=1

I’m using this code: https://bitbucket.org/Jonjonsson/google-analytics-for-corona-sdk/src/master/

gamebit.labs · June 5, 2018, 9:29am

Thanks for the links.

gamebit.labs · June 5, 2018, 10:03am

Hi perflubron,

I can’t create a new “mobile app” property on Google Analytics. It keeps asking me to link to Firebase and integrate the Firebase SDK.

How do you do it for your new apps?

Ben

perflubron · June 5, 2018, 10:05am

Been a while since I created a new app, back then it worked :/

Sorry

gamebit.labs · June 5, 2018, 12:24pm

Maybe I need to recycle an old inactive id.

Ben

anon63346430 · June 5, 2018, 12:25pm

@gamebit set it up as you would do for a website and then set up a view that is “mobile app”

davebollinger · June 5, 2018, 12:51pm

Humorous (?) aside: my son launched Rovio’s Angry Birds Epic for the first time in a few weeks, and got a pop to accept their TOS. Just an “accept” button, and a “read tos” button, that’s it.

(there are other more-deeply burried opt-out buttons etc, but before you can even go hunting for them you’ve got to slog through TOS)

So, curious, I took a look at their TOS, and oh my, what a steaming pile of legalese rubbish it has become.

I think the net effect of GDPR will be to render terms/privacy notices unreadable to the average non-lawyer human!

ref Rovio’s terms, privacy, data, faq

davebollinger · June 5, 2018, 2:47pm

fwiw, in case you find a need to diy, there is some code here

gamebit.labs · June 6, 2018, 6:30am

Thanks @dave

gamebit.labs · June 6, 2018, 8:05am

Thank SGS

toblotron · June 8, 2018, 7:19am

Just checking; This requires that you use the REST API, right?

bgmadclown · June 19, 2018, 11:01am

Like @davebollinger mentioned above, I’ve also seen some indie titles following that approach. There is a warning message where the dev says “we collect data to show you tailored ads etc.” and you are asked to accept it to continue. There is not even a simple privacy policy link you can easily reach.

I’m not sure that it’s working as EU expected. I guess it will work pretty loosely until someone gets fined or something. Other than that, big or small, devs don’t seem to care that much about GDPR.

cyberparkstudios · June 19, 2018, 1:12pm

I figure to do my best to comply with the GDPR stuff, so my apps don’t get pulled or banned from the app stores. So I am using the newest daily build of corona and I am not doing any analytics for now - because I am not sure it is worth potential GDPR issues if I use analytics.

For ads I am using Appodeal, and somewhere here on the forums I found a module that I am using that posts a message from Appodeal explaining what they do and such, and asks user to accept or decline. This appodeal message only shows on first run of the app, because I save the choice user makes and use that to init the ad manager on subsequent start ups… so at least my user only needs to be bothered with that distraction’ once - first time they run the app.

I am releasing that app today on Google Play so we will see if that is sufficient to be GDPR compliant. I think it is.

david.ciaudo · June 19, 2018, 7:37pm

Hi, here is a list of plugins my apps are using and I would like to know which ones are GDPR compliant if user does not give consent:

[“plugin.admob”] -> with hasUserConsent=false

[“plugin.tenjin”] -> with hasUserConsent=false

[“plugin.facebook.v4a”] -> used to call the publishInstall function so I guess no?

[“plugin.flurry.analytics”] -> used to log events so I guess no?

[“plugin.facebookAnalytics”] -> used to log events too so I guess no?

[“plugin.OneSignal”] -> used to send push notifications so I guess no

[“plugin.google.iap.v3”] -> OK?

[“CoronaProvider.native.popup.social”] -> OK?

[“plugin.iCloud”] -> OK?

[“plugin.notifications”] ->OK?

[“CoronaProvider.gameNetwork.apple”] -> ???

[“plugin.gpgs”] -> ???

Seriously what a mess…

agramonte · June 19, 2018, 7:56pm

[“plugin.admob”] -> with hasUserConsent=false

According to the admob documentation even with the “hasUserConsent” flag as false you still need to ask consent before showing ads.

david.ciaudo · June 19, 2018, 8:09pm

What? So if the user does not give consent, I can’t show ads? This can’t be?! xD