GDPR Compliance

rob · June 19, 2018, 9:28pm

You need to understand what a global “no consent” means. That means 100% of your customers are going to see lower value non-targeted ads, even in countries that GDPR doesn’t impact. If multiple developers take this “easy” route, it will have a huge impact on the overall eCPM value of AdMob ads. Google needs as many people to get consent as possible.

I know setting up a consent dialog is a bit of work. I know adding items to a settings screen and tracking the users choices is also a bit of work, but it’s your income and it’s the income of your upstream providers and it’s an impact all the way up the supply chain.

As for your other questions, GDPR is about giving users the choice for when their personal data is used. Game networking like GPGS and In-App purchases simply can’t work with out personally identifiable data. There isn’t a way to say “No Consent” that makes any sense to someone trying to buy something in your app. Of course, you have to give the user the option to consent to these features, but you don’t need any plugin-side features. Simply do not initialize the plugin, don’t call any of it’s API’s and hide UI elements like a Leaderboard button if they don’t consent.

As for the notifications plugin, there isn’t any data collection with local notifications. However push notifications won’t work without a device ID so again, if the user doesn’t give you consent, don’t call the register device API. You would also not initialize OneSignal.

The social popup itself shouldn’t be collecting any data, and if the user chooses to click on a button that’s offered by it, the app that’s being selected would have it’s own responsibility to manage it’s on GDPR.

Rob

david.ciaudo · June 19, 2018, 10:34pm

I’m not really worried about the extra work but about the fact that agramonte is saying that even if I set hasUserConsent=false, I still have to get the user consent to display ads with admob, so basically I get a popup which looks like this:

Do you consent sharing personnal data (to get ads)?

YES NO

Let’s be honnest, who gonna press yes, once they realise pressing no will remove ads for free? xD

In my head it was:

-admod with hasUserConsent=false -> non targeted ads (low ecpm)

-admob with hasUserConsent=true -> targeted ads (better income)

But at least if a user refuse giving consent, he still get not targeted ads.

Am I wrong?

Also, I’m worried about analytics. Basically, if users don’t give consent, we can’t track them anymore to see which of the different user acquisition campaigns are efficient. (facebook publish install function or tenjin plugin). Also, as not 100% of users will give their consent, we’ll need more users to get significant metrics, so possibly more cost if you are paying user acquisition.

anon63346430 · June 19, 2018, 11:33pm

FWIW, I use google analytics (via REST API so I can opt out), I also use Vungle latest SDK and I automatically opt users out from targeted ads. Therefore i need no poxy “opt in” consent.

End result, no change on ad revenue (although ads for me is value added).

Don’t stress the details, if your ad network demands a crappy user opt in then maybe re-evaluate your ad network?

bgmadclown · June 23, 2018, 12:46pm

@david.ciaudo, I don’t know if there is another case to that but as far as I know, not giving consent to an ad network means non-targeted ads.

Another article on GDPR: https://medium.com/droidsonroids/what-does-gdpr-mean-for-mobile-app-owners-12-use-cases-e047500772e3

rob · June 23, 2018, 5:55pm

I can understand AdMob not wanting you to just blanket choose non-targeted ads. If income is important to you, you should not want to do this either.

If you just choose to set hasUserConsent to false for everyone, that means your US customers, your EU customer and your other worldwide customers are not going to get more valuable ads. That means 100% of your customers are going to get diminished value ads. Since there isn’t a good way to determine if your user is in the EU or not, you can’t limit this decision to only those customers.

If you present your dialog to your users in the right way, you’re going to get people to opt in that you would otherwise be loosing. It’s better on you to get as many of your users to opt it. Now think about this from Google’s perspective. They have perhaps hundreds of thousands of developers using their SDK. They make more money from targeted ads. If you and every other developer just choose to skip giving users a choice, you’re not only hurting your bottom line but hurting theirs. I can see why they are enforcing this.

You want to ask the users to opt in to ads that are more interesting to them, something that seems desirable instead of saying “we are going to track you and take your personal information”.

Rob

d2gp · December 29, 2020, 10:38pm

hi, I’m just updating one of my apps and my privacy policy on my website. What I used to say is “All of my apps are built using the Corona SDK platform. Metrics collected by Corona-based apps are GDPR safe, and do not collect any IDs or data points that would be considered personal data under these data regulations”.

Is this still an accurate statement when applied to Solar2D?
Thanks.