I think it will be enough to check the IP since it’s the case for some time now with the cookies. Websites only check the IP to display warnings in Europe that indicates they are collecting cookies.
How to do the ip-check in an easy way though? I’ve looked at some services, but they tend to have costs / rate limits etc. I know that google app engine has it built-in but seems a bit overkill to set up a backend services only for this. That’s why i’m thinking of checking the users locale instead. But might not be a good idea
Appodeal has a new dedicated GDPR page: https://www.appodeal.com/home/gdpr/
I highly recommend that people read it. One of the main take-aways I got from this was this in their FAQ section:
Do I have to request a consent only from EU users?
As the global privacy laws change, we recommend to request a consent from all users once, no matter where they are currently located. That will eliminate mistakes of not collecting consent from EU residents who are on a vacation elsewhere, for example.
I know this will annoy a lot of end users, but they feel (and I kind of agree) that you can’t trust any method of determining where someone one is because of things like vacations, VPNs etc. Given the various Facebook vs. privacy issues here in the United States, your customers may actually enjoy having that control too.
Rob
I think this is also important/helpful: You, as a Publisher, have to pass value of the consent to our SDK using a consent parameter in initialize() method. That makes me think they will have an option to show non-personalized ads, allowing us to forego the consent process entirely.
That is Appodeal’s plan. There are two situations outlined here: https://blog.appodeal.com/blog/2018/05/08/appodeal-gdpr-guide/
-
You are using an older SDK (if you update now and don’t wait on our new Corona Appodeal plugin). You still have to ask for permission. If it’s not granted or if you don’t ask, then don’t initialize the plugin and show ads. This is an all-or-nothing situation. No permission, no ads.
-
If you wait until we get our new plugin out using Appodeal SDK 2.3.3, then you have the option of passing that consent information to Appodeal. In your situation, you could always send “declined” and get non-targeted, less relevant ads, which is the situation you’re describing. I’m trying to find out what this means with regards to eCPM.
Rob
You have to request consent. Displaying the auto EULA from Apple will not be sufficient for GDPR. I have quoted the Appodeal privacy policy as well as highlighted in bold the important part:
(e) Software Development Kit
To provide our Services, we offer a software development kit (“SDK”) which allows us to access your Mobile Properties. We may collect Personal Information about users of your Mobile Properties through our SDK, including IP addresses, mobile advertising IDs, GPS location (if appropriate permission is given), application usage statistics such as launch times and duration, ad views and click-throughs. Advertisers or demand partners that provide content through our SDK may also collect Personal Information or other information about your users through our SDK. You agree that, in order to use our SDK, you will obtain appropriate consent from your users for the collection, use and sharing of Personal Information through our SDK , and that you will maintain and process all user data in accordance with your privacy policy and all applicable laws in any country in which your Mobile Properties are distributed or used and users are located.
As a side note here is what my current privacy/consent page looks like (very ugly). I don’t ask but they can always go to the page and give me permission to use Admob. I don’t believe it is 100% compliant for GDPR but at least it shows that I am trying.
And here is the quote from Startapp that will be part of their GDPR policy:
When consent is not passed to StratApp (or provided to you) StartApp will continue serve non-personalized advertising. Nonetheless, StratApp may decide to separately seek consent directly from the user for StartApp’s use of personal data.
So I guess I need to implement some kind of pop up in my game that asks for consent and shows the first time the game is run?
If you show the pop-up consent and they say no what are you planning on doing? Close the app?
This is just my opinion. My opinion only. If I was going to use Appodeal, I would not show any ads the x times they play a game. When they start their second or third game, I would give them an option either to buy the ad-free module or to consent to their personal data being used for targeted ads. If I had a reliable way to determine they were in the EU, I would do this scheme for users that are playing my game in the EU.
Another idea is to tie the consent to some currency in the game or to some other reward.
Since they are only enforcing this in the EU, if I don’t get a chance to implement the new component before May 25, should I make my game temporarily unavailable in those countries until I get this sorted out?
I guess that is an option. I don’t really know. Maybe others will chime in.
We’re also trying to figure this out - from how i understand it now we have to do something like this. But as you can see from my questions after i’m pretty confused…
-
Show a consent dialog ui at startup of the app, before Appodeal sdk is inited. Ask for consent to share user data with partners for monetization and analytics use. Link to terms / privacy policy where appodeal + all ad sdks are listed.
-
Store the record of the consent in a backend. how? what to store?
-
Provide a way for users to opt out and get tracked data removed. How to implement this? Is it needed if the consent is required to get into the app in the first place?
We’re also thinking about, as a tempory solution, doing a detection on the ip and if it’s an eu users we just won’t init appodeal at all. It will hurt us a bit revenue wise, but then we can wait and see how others will be doing.
Just for me:
-
I am not showing it at start-up. They can go and switch the consent to “on” by clicking on the icon.
-
I am not storing the consent in any backend. I am storing it on the local device.
-
I have a feedback form where they can ask to be removed from tracked data. In that case, I’ll just forward the request to the provider. Whoever that might be: Google or Doorbell (doorbell has a special email to do it).
@agramonte Interesting - thanks for sharing! I have some questions about your plan - hope you don’t mind!
Just trying to figure out what we could do in order to have a chance with this.
-
What would be the motivation for the user to turn it on? If it’s not necessary for playing the game?
-
From what i understand we need to keep a record of the GDPR consents (with identifier, timestamp and the terms on the consent date) to be able to prove we actually got the consent. But would be great if there was an opening to store the consent locally.
3. Feedback form is a great idea for data removal - i guess we could just use that as well and link to it from settings in the app. Wonder if we have to get the identifier of the user somehow then? In order to then pass it on to all the ad networks for data removal etc.
Pretty crazy all this - wonder if most appodeal games will actually have anything like this in place. Probably not.
It looks likes Google will allow turning off personalized ads, so I might just do that so I don’t have to mess around with this consent form.
Yea that might work if you’re only using Admob and directly, not through Appodeal or other mediators
It would be great if Appodeal allowed the same functionality to turn off personalized ads…
It is just for me:
-
I am showing the consent pop at start up for every user since I don’t want to use any private server to get the user ip address.
-
I will allow everyone to play without any ads for the first 3 times, then show the pop up. This would allow the players to make better decision whether they want to play more or not.
-
The pop up would state the following message:
To provide this app for Free To Play, this app uses Appodeal SDK for In App Advertisements. They may collect Personal data such as your device’s advertising ID, GPS data, IP addresses in order to show relevant ads. Do you consent? Note that the app will not function if you decline unless you buy No Ads feature.You can revoke consent from the settings screen at any time. Please press More if you are unsure. -
If the user accepts then I would use the appodeal.init. and change the consent state to true and use os.date("%d-%m-%Y") to save the date. Then save the data locally and also in the players google snapshot file.
-
If the user do not consent or is unsure then I take the user to the more info screen where this message along with my privacy, terms of use, no ads buy button, or consent button is shown
This app offers Ad-Free Experience also. You can buy this feature to turn off ads and prevent any data collection from Appodeal for showing you relevant ads.If you don’t want to buy then please give consent by pressing the Appodeal button and experience the game for free.You can use opt-out feature from your device settings to remove relevant ads, then Appodeal SDK may only collect non-Personal Information to show non-interest based advertising.
I have also added a consent button in settings in my app where the user can revoke consent when they wish and the app takes to more info screen either to buy no ads or consent option is shown.
This is the internal data structure:
gameData.consentDataNoAdsFeatureBuy = false
gameData.consentDataAppodeal = false
gameData.consentDataAppodealDate = os.date("%d-%m-%Y")
gameData.consentDataRevokeAppodealDate = os.date("%d-%m-%Y")
gameData.consentDataGoogleAnalytics = false
gameData.consentDataGoogleAnalyticsDate = os.date("%d-%m-%Y")
gameData.consentDataRevokeGoogleAnalyticsDate = os.date("%d-%m-%Y")
This is so far I could think of now after the appodeal privacy update. I was hoping they would take consent from user from the first ad screen being displayed.
For me a backend server would create added complexity that i am not prepared to do now.
Does anyone know of a way to detect region? Until we get a better solution what would be nice is if I could detect if they’re in the EU and just not start Appodeal.
You can pay for an IP geolocation service. Something like https://www.digitalelement.com/geolocation/